How does GDPR influence my public involvement and engagement activities?
The General Data Protection Regulation (GDPR) was enforced on 25 May 2018. It is an EU law on data protection and privacy for all individuals within the European Union and the European Economic Area (EEA). The GDPR gives individual the control to look into their personal data held and has stricter regulations on where data can be stored.
It could happen that a public contributor would like to gain insights in the personal information you store of them. If this happens, contact the Information Governance professional or the legal team within your department on how best to proceed with the request.
Personal information is no longer allowed to be stored outside the EEA. This is mostly relevant if you use an online questionnaire or other tool to gather information online
The GDPR does not stop you from doing any patient and public involvement and engagement activities. However, it is important to think about what information you ask, i.e. for evaluation purposes. Best practice is to not ask for any personal information for which you do not have a business reason to collect them, i.e. do not ask for people’s email address if you do not require any follow-up. Be also transparent on why you gather personal data, how it will be used and where it will be stored. The public needs to be made aware whom to contact if they have any questions on their data at a later point. For any further questions on how GDPR might affect you involvement and engagement activities, do contact the Information Governance professional within your department or university.