Conference Agenda
| Session | ||
WS 5a - Translating Research Concepts into GDPR-Compliant Projects: A Six-Step Process and Three Cases for Hands-on Practice
| ||
| Session Abstract | ||
|
Brief Description and Outline: Designing GDPR-compliant projects is challenging for many researchers, resulting in long approval cycles, repeated changes to the project design and suboptimal technical setups. This hands-on workshop introduces a six-step process for translating research concepts into lean, GDPR-compliant project designs. Participants will then practice by applying the process on three cases involving healthcare data. The workshop is suitable for all participants working with personal data in the EU. No GDPR expertise is required, basic data protection concepts (e.g. pseudonymization vs anonymization) should be familiar. Agenda: (1) Introduction, Objectives, Agenda, Expectations (10 min): We introduce the structure of the session and gather input from participants on common GDPR-related challenges in their projects. (2) GDPR-compliant design in six steps (20 min): Participants are introduced to a six-step process which takes them from a research concept to a GDPR-compliant project design. The six steps cover GDPR scope assessment, data classification, processing options, roles and responsibilities, international data transfers, and safeguards. In preparation for the group exercises, the three cases and supporting material for the case practice are presented. The cases are based on real-world projects and involve common challenges encountered in research projects, e.g. combining personal data from several countries. (3) Group Case Exercises (40 min): In small groups of two to six, participants apply the six-step process to one of the three cases. They analyze requirements, explore data processing options, and develop GDPR-compliant project designs. (4) Group Presentations & Discussion (40 min): Each group presents its solution, key decisions, and underlying reasoning. Common patterns, trade-offs of different approaches and open questions are discussed. (5) Wrap-Up & Takeaways (10 min): The workshop concludes with a summary of key insights, pitfalls, and practical guidance. Participants will get a one-pager hand-out, which describes the six steps and provides practical examples how to apply them. Goals: By the end of the workshop, participants will be able to: (1) Apply a six-step process to design GDPR-compliant research projects, (2) Evaluate GDPR-related options early in the project, (3) Discuss GDPR-related issues confidently with data protection officers or IT specialists. Designing projects in a GDPR-compliant way from the outset helps avoid delays, unnecessary iterations, and compliance risks, thereby speeding up research projects. Presenters Experience: Julian Beimes is Associate Principal at idalab GmbH, where he supports medtech and biopharma companies in conceptualizing and implementing AI solutions. Target Audience: The workshop is aimed at scientists and research professionals who design, lead, or contribute to data-driven projects involving personal data. No GDPR expertise is required, basic data protection concepts (e.g. pseudonymization vs anonymization) should be familiar. Keywords: GDPR, Project Design, Data Processing |