Important information about data processing

Your research project must be registered in your faculty’s GDPR register if it involves processing personally identifiable information. The registration consists of a risk assessment classified under CIA—Confidentiality, Integrity, and Availability— evaluated through a Data Protection Impact Assessment (DPIA) within the GDPR framework. It is important to avoid using public cloud services (e.g., Dropbox, Google Drive) for storage. Or in general, be careful with any platform that is not listed in the Data Processing & Storage Finder to minimize potential privacy and security risks. Comply with relevant policies when using UM tools and software and consult the ICTS security page for safety tips. Before settling on a solution, finalize your registration and assess your project’s specific security and privacy needs. Should you encounter any uncertainties, contact your faculty’s data steward or rdm-services@maastrichtuniversity.nl for personalized advice.