Preservation for research purposes
Personal data must be deleted as soon as they are no longer needed to achieve the purpose or if further storage would conflict with legitimate interests of the data subject. Further storage of (sensitive) personal data is, however, allowed, for example, if:
· the data subject has given his or her consent
· the data has already been made public by the data subject
· the following cumulative conditions are met:
o it is necessary for the purposes of scientific research,
o the public interest in carrying out the research project significantly outweighs the data subject’s interest in ruling out the possibility of collection, and
o the research purpose cannot be achieved in any other way or would require disproportionate effort (cf. Section 14.5 of the FDPA)
In weighing the public interest, special attention shall be paid to the scientific interest of the research project.
Personal data collected or stored for scientific research purposes may be processed or used only for such purposes. The data should be rendered anonymous as soon as the purpose allows this; in the meantime, the personal characteristics should be stored separately and combined with the information only to the extent required by the research purpose (cf. Article 40).
The data controller must take the necessary technical and organizational precautions in order to ensure the security of the data. In particular, data security measures must (cf. Annex to Section 9):
· prevent unauthorized persons from gaining access to data processing systems for processing or using personal data (access control)
· prevent data processing systems from being used without authorization (access control)
· ensure that persons authorized to use a data processing system have access only to the data they are authorized to access, and ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording (access control)
· ensure that personal data cannot be read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media, and that it is possible to ascertain and check to which bodies personal data are to be transferred using data transmission facilities (disclosure control)
· ensure that it is possible to check and ascertain whether personal data have been accessed, altered or removed from data processing systems and if so, by whom (input control)
· ensure that personal data processed on behalf of others are processed strictly in compliance with the controller’s instructions (job control)
· ensure that personal data is protected against accidental destruction or loss (availability control)
· ensure that data collected for different purposes can be processed separately
The Federal Personal Data Protection Act, 2009 [online]. Available at: <http://www.bfdi.bund.de/EN/DataProtectionActs/Artikel/BDSG_idFv01092009..... [Accessed 18 June 2014].