skip to main content

Data Protection

Ad hoc group in the DeGEval - Evaluation Society

Data protection is an important topic in our day-to-day work and one that poses challenges for many. Not only the EU General Data Protection Regulation (GDPR), but also the Standards for Evaluation (F2 Protection of Individual Rights) call for the transparent and fair handling of data and the protection of personal data: "Evaluations should be planned and conducted in such a way that the rights, safety and dignity of the persons involved in an evaluation are protected".

An ad hoc group was set up to address these challenges. A survey of members on the topic of data protection was conducted in 2021. The results can be found below. Further training on the topic took place at the DeGEval annual conferences in 2021 and 2022. Since 2022, a virtual series of events has been held, with short inputs and opportunities for exchange in the sense of a practical network on data protection in evaluation. Legal advice is not provided.


Previous topics and dates of network meetings

  • Data protection aspects in surveys (Tuesday, March 22, 2022 - 11:00-12:00); Speaker: David Peters (Niederrhein University of Applied Sciences)
  • Creation of a privacy policy (Wednesday, May 4, 2022 - 11:00-12:00); Speaker: Dr. Maria Galda (evasys GmbH)
  • Self-hosting of surveys vs. hosting at the service provider (Monday, May 30, 2022 - 11:00-12:00); Speaker: Dr. Johannes Wiesweg
  • Personal data: Exchange on the handling of free text responses in online surveys (Wednesday, January 25, 2023 - 11:00-12:00); Moderation: Dr. Hanna Ehlers (University of Hamburg) and Katharina Klockgether (Univation Cologne)
  • (How) Can teachers (or other "evaluation laypersons") assume data protection responsibility for self-conducted online surveys? (Tuesday, September 5, 2023 - 11:00-12:00); Speaker: Ralf Schattschneider (Institute for Educational Monitoring and Quality Development (IfBQ) Hamburg)
  • Personal data: Informing data providers correctly in surveys (Tuesday, November 28, 2023 - 11:00-12:00); Speaker: Rico Schnathorst (Univation - Institut fΓΌr Evaluation GmbH)

 

Next network meeting

Documentation of processing activities - what must and what can? (Wednesday, April 24, 2024 - 11:00-12:00); Speaker: David Peters (Niederrhein University of Applied Sciences)

With the introduction of the GDPR, data controllers are accountable for compliance with data protection requirements when processing personal data. Experience shows: The spectrum ranges from the creation of a data protection declaration for data subjects to comprehensive documentation using the standard data protection model. The following questions will be explored in a collegial exchange: Are your processing activities systematically documented and checked for data protection? Who is responsible for this? Which documents are created or requested for this purpose? Are there different documentation requirements depending on the level of data processing?

Here is the link to registration (required!):

https://hs-niederrhein.zoom-x.de/meeting/register/u5YkfuCgpzgiHtSG13Txtm3cNm3Xm16yx_QI

 

The meetings on January 25 and November 28, 2023 are part of a thematically related series. A further meeting is planned on the following topic

  • Personal data: How and when to delete after the survey?

 

For the ad hoc group, we are still looking for a) people who would like to exchange ideas on these topics and b) people who are well versed in data protection or have ideas for obtaining external expertise.


Please contact us by e-mail:

Katharina Klockgether (Univation GmbH): katharina.klockgether@univation.org

Dr. Maria Galda (TH KΓΆln): maria.galda@th-koeln.de)


Data protection in evaluation practice: Short report on the results of a survey of DeGEval members

Authors: Dr. Maria Galda, Dr. Monika Renz, David Peters


In the period from 27.05.2021 to 15.06.2021, DeGEval members were given the opportunity to participate in an online survey on data protection in evaluation practice organized by the ad hoc group on data protection. The aim of the survey was to identify the needs of DeGEval members. The needs are intended to provide orientation for the planning of training courses, source collections, best practice reports and recommendations for action in the future.

A total of 107 completed online questionnaires were sent in. Respondents indicated membership or affiliation to 17 DeGEval working groups, with the working groups Methods in Evaluation (19%), Universities (13%) and Development Policy and Humanitarian Aid (11%) being the most frequently mentioned. 90% of respondents are concerned with data protection aspects in the implementation of evaluations; other areas mentioned are research (45%), the selection of services/software (37%) as well as contract design and the processing of client data (34% each).

Two key insights into the needs can be extracted from the responses of the survey participants:

  • GDPR-compliant implementation of surveys

This includes information on data protection and information in the form of a privacy policy for survey participants or during interviews. The handling of personal data that arises during the survey process, e.g. contact data, personal data in free text or photos, is also an issue that needs to be clarified. Furthermore, survey participants have questions about the conditions of use of survey results with personal data, as well as their anonymization, pseudonymization, archiving and destruction. The handling of minors' data is also a virulent topic here. Practical instructions or templates are required for the GDPR-compliant implementation of surveys.

  • Information and knowledge transfer on the basic principles of data protection and data protection law with regard to business relationships

This includes the areas of commissioned data processing, technical and organizational measures and data protection impact assessments. The GDPR-compliant commissioning of external parties and requirements from clients to contractors (data protection clauses) are also issues of practical relevance.

From the ad hoc group's perspective, the responses aimed at overarching aspects of data protection culture and sharing experiences were also noteworthy. From data protection as a prohibitive norm to the desirability of raising awareness of data protection issues and different views on data protection in international evaluation projects, it was clear that there are sufficient topics for a joint exchange of experiences.

The topic of data protection and data security of digital work and organizational processes as well as aspects relevant to data protection when purchasing software or web-based services (Zoom, Teams, etc.) were less well represented. The requirements for data protection-friendly default settings for software tools play an important role in everyday evaluation work.

Unfortunately, only a few references to sources or best practices were mentioned. The ad hoc group would be pleased to receive submissions from you, even independently of the survey.

What will happen with the results?

The aim is to collect information relevant to evaluation, to network members and, if necessary, to give them the opportunity for further training. The results will play a key role in the planning of these measures.