Skip to Main Content

Data management for students: Research with human participants

Research Data Management (RDM) for students of the Radboud University

Human participants

When your research involves human participants (as opposed to math formulas or literature texts) there are more considerations that need to be taken into account, which are detailed below.  


Ethics committees

When dealing with human participants you may need to consult an ethics committee who will assess the ethical aspects of your research project before you start. This will especially be the case if you are dealing with more vulnerable participants (e.g., minors). Students rarely collect special categories of personal data (e.g., religious beliefs, sexual orientation), however if this is the case, consult your ethics committee. If you are in doubt, talk to your supervisor. A list of the ethics committees at Radboud University can be found here.

Personal data

Personal data needs to be protected, safely stored and must not be shared publicly. [1]

Personal data are any information relating to an identified or identifiable living person. Personal data can be divided into two types:

  • Direct identifiers: Any information directly identifying a person. Examples include names, birthdates, addresses, IP addresses, photos, and audio and video recordings. 
  • Indirect identifiers: Any information that can be traced back to a person in combination with other data. For example, knowing that someone is female, is not enough to identify a person. However, knowing that someone is female with the additional information that this person was the chancellor of Germany, will lead you to Angela Merkel.

Importantly, if a person’s identity is known or can be inferred, then any information you have about this person is considered personal data. Thus, if a person is identifiable, then this person’s gender is considered personal data as much as information you have about their favourite type of pizza.

Be particularly careful when collecting special categories of personal data, such as health data, political opinions, religious beliefs, someone’s sexual orientation etc. [2] These data can be used to discriminate against individuals and thus may only be collected when absolutely necessary and only when you have received approval from your local ethics committee and when you have obtained explicit consent from you participants.

[1]It is only possible to share personal data if the participants explicitly provided informed consent for this. This should only be done when absolutely necessary and should be approved by your local ethics committee.

[2] See here for more information.

Informed consent

If you have human participants you will most likely need to get informed consent.

  • The participant is informed about what (personal) data will be collected, what is done with this data, and for what purpose. This information is usually provided in an information brochure which the participant has received and understood. It is important that this information is understood. Therefore the information brochure may be supplemented by other means such as an oral explanation or an explanatory video.   
  • The participant gives explicit consent by freely opting in to participate in the research and agrees to their data being processed. The participant should be aware of their right to withdraw their consent as well as the point in time after which this is no longer possible.

More information on informed consent can be found here.

Do's and Don'ts


  • Delete personal data that was only collected for administrative purposes and not needed to answer your research question (e.g., email addresses used to contact participants) as soon as possible.
  • De-identify data whenever possible. This may not be possible in some cases when the personal data is needed to answer the research question. See Anonymisation and pseudonymisation below.
  • Safely store personal data. See the section Safe storage.


  • Do not collect more personal data than absolutely necessary. For example, if knowing the age of your participants is enough to answer your research question, do not ask for your participants’ birthday.
  • Do not share personal data with anyone unless absolutely necessary (e.g., with your supervisor) and then only when you have the participants’ Informed consent

For more information about privacy and security click here.

Anonymisation and pseudonymisation

Whenever possible, de-identify data by anonymisation and if that is not possible (e.g., when running a longitudinal study) then by pseudonymisation.

  • Anonymous data: It is not possible for anyone (not even for yourself) to trace the data back to an individual. Anonymous data are not considered personal data anymore and can usually be shared more freely. It can be difficult to fully anonymise your data, so make sure to consult your supervisor if you have any questions.
  • Pseudonymous data: Identifiers in the data are replaced by pseudonyms. For example, participants are called pp01, pp02 etc. in your pseudonymized data file, but in addition, you keep an encrypted key file (stored separate from your data) telling you that pp01 is Jaap Smit. Unless there are good reasons (longitudinal studies for example) key files are deleted in most cases, shortly after (for example one month) the end of data collection or analysis. Pseudonymized data are still considered personal data.