Although applying the new regulation may give the impression of being a barrier, in the end it helps improve results, experts say
Many times we talk about the protection of data of individuals and companies, but it is not very common to focus on research projects . In them, as José Antonio Rubio, Doctor Cybersecurity Engineer from the URJC, highlights , scientific information is generated and very important personal data is processed . After the approval of the new General Data Protection Regulation, already in force in all EU countries, the question would be how they see it and face it from the research sector.
Ricard Martínez, director of the Chair of Privacy and Digital Transformation of Microsoft – University of Valencia, recognizes that since a research project begins a transition is observed in this area. “The first sensation of the researcher when facing the data protection regulations is that it is a barrier that will stop him and put difficulties.” But the truth is that, as the processes associated with data protection are developed, a complicated process in which things are analyzed such as where the data will be better, what are the security measures, how they are going to be treated or why They will use, perception changes. When checking that“The quality of the project is improved, which was initially seen as a barrier, becomes an analysis tool that helps improve the governance and results of the project.”
This issue was recently addressed at the Congress on Research and Data Protection held in Valencia, where numerous experts participated, including Ricard Martínez , who recognizes, with a sense of humor, that “as a data protection delegate I am, sometimes, I may be hated at the beginning of the project, but I swear that in the end, the relationship is love. ”
The increasingly interdisciplinary research teams
Martinez acknowledges that we are not yet aware that research teams in digital transformation cannot be “monocultures .” A medical investigation, for example, not only involves doctors, it must include security personnel, legal advice on data protection and increasingly, in the world of Big Data, it must involve experts in ethics and philosophy , in a way that “teams tend to be multidisciplinary.”
Martínez says that in Spain a large part of the research is university and in these centers , according to European and Spanish legislation, there must be a delegate of Data Protection to ensure their respect and protection. On the other hand, public cofinancing projects require guaranteeing the right to data protection and in regard to business research, a sector in which there is a responsibility in terms of very large fines , “they are very careful to ensure that regulatory compliance is guaranteed in data protection and not only for a pecuniary issue, but because scientific research is governed by ethical principles and scientists feel especially concerned with the guarantee of people’s rights. ”
Nowadays , security must be inserted in the design of the project , but “just as I say that most scientists feel involved in this, I will not tell them that there are no projects that are not doing well at all,” he says. Martinez
On possible cyberattacks, he recognizes that there are more sensitive sectors than others, such as those where patents or invention models are generated. Here it is very likely that they are exposed to the attack of hackers, because money and knowledge moves and may be of interest. “Not only for hackers, but in thinking in terms of cyberwar and cybercrime.”
Martínez believes that a sectoral and agreed approach with the sector of the data protection authorities is necessary. In Europe there are already very good guides in this regard, but the regulator does not usually ask. ” If the Spanish Agency for Data Protection is able to descend to practice and work together with researchers and offer tools that are common solutions, this country will go far.”