GDPR AND PRIVACY
Since 25 May 2018 the General Data Protection Regulation (GDPR, in Dutch ‘Algemene Verordening Gegevensbescherming’) is in force. This regulation also applies to the data collection that happens within the context of the HBO Monitor. The Research Centre for Education and the Labour Market (ROA) - responsible for the execution of the HBO Monitor – registered the research as personal registration at the Data Protection Authority. The ROA is part of Maastricht University and the guidelines as drawn up in the Policy processing personal data are therefore applicable to the research activities of the ROA. The personal data that is collected within the context of the HBO Monitor is therefore treated in accordance with GDPR-requirements.
Goal HBO Monitor
The Goal of the HBO Monitor is to map out HBO-graduates’ transition from education to the labour market. In this context their position on the labour market, the characteristics of their job, the connection of this job with the study they followed and their judgement about this study are considered. As there are no data available about this from other sources, an inquiry is conducted every year among graduated HBO students in the context of the HBO Monitor.
The adresses of the approached graduates come from the participating Universities of Applied Sciences. These Universities are the commissioning party for the HBO Monitor. They use the results from the HBO Monitor to improve the quality of their education. Quality assurance is both a legal request as well as a justified interest of the Universities. Both are mentioned as bedrocks for the procession of personal data in the GDPR. The Universities of Applied Sciences provide the address files to DESAN Research Solutions, the institution in charge of the fieldwork of the HBO Monitor. Graduates’ name- and address details are stored in a separate file and never taken into account in the research data. A conjugation between the completed inquiries, the research data and respondents’ NAW-details (Name, address and city of residence) is only possible with the use of an anonymously encrypted code. Respondents’ NAW-details are not relevant for research purposes, yet a conjugation remains necessary since respondents have a right of inspection according to the GDPR. DESAN Research Solutions keeps the address details up to one month after communication of the research results to the Universities. After that they are destroyed.
The ROA edits and analyses the HBO Monitor research file. As explained, this file does not contain the graduates’ NAW-details provided by the Universities. Neither does the ROA itself dispose of the address files provided by the Universities. Any potential NAW-details or e-mail addresses obtained via the inquiries are deleted from the research file and stored elsewhere directly after the ROA received these data. De-linking these personal details from the research file is done by ROA’s data manager. Moreover, the data manager is the only ROA employee with access to these de-linked privacy sensitive inquiry-data. The research data from the HBO Monitor are stored on secured servers at the ROA, only accessible to ROA researchers. The research file is only available to third parties under very strict conditions via DANS. The data can only be used for scientific purposes and a research plan has to be proposed that falls within the research purposes of the HBO Monitor. Furthermore, data made available for third parties do not contain institute-specific variables.
The information based on the HBO Monitor that is published, consists of national figures as well as institute-specific reports. The national figures can never be deduced to specific individuals. An institute-specific report can only be inspected by the institute in question. Respondents are only recognisable in the institute-specific reports if they gave permission for this in the inquiry.
The data traffic between the ROA and DESAN Research Solutions only takes place via a Cryptshare server for protected data exchange.