Data protection in connection with thesis


Theses fall into the research category, which is why all sections of the Data protection in research page should be followed. This page summarises the issues that typically should be remembered on data protection in a thesis.

The EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act should be followed in theses.

Planning the processing of personal data

When planning a thesis, it is important to consider issues such as the following:

  • Which information needs to be collected to answer the study questions
    • Would it be possible to remove personal data (anonymisation) from the material or convert it to anonymised data using, for instance, codes preventing identification (pseudonymisation).
    • Only collect information relevant to the study question.
    • Be careful when processing personal data.
    • Assess whether there is a need for an impact assessment
  • What tools do you use to collect and process information?
  • How long should you preserve the material and how is it destroyed or archived?

Informing study participants

It is important to prepare a data protection notice for the participants in the study in accordance with the Informing the data subject instructions. Typically, the student acts as the controller for the thesis. The processing may be based on, for instance, consent or public interest.

Further information


Sähköpostiosoitettasi ei julkaista.