ABSTRACT
This chapter explores the legal and regulatory environment that today’s researchers must navigate, focusing on data privacy, informed consent, and data protection. It provides an overview of key legislation such as the European Union’s General Data Protection Regulation (GDPR), which has set a global benchmark for handling personal data. The chapter breaks down fundamental legal concepts – what constitutes personal data, lawful bases for processing data, and data subject rights like consent and the “right to be forgotten.” It also examines how these legal requirements translate into research practice: for instance, how a PhD student should store and anonymize sensitive data, or address participants’ withdrawal of consent under GDPR. Privacy laws beyond Europe (e.g., Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA)) are briefly surveyed to show the worldwide trend toward stronger data protection. Emphasis is placed on seeing legal compliance as intertwined with ethical research practice. The chapter concludes that by treating regulations as codified ethics – rather than mere red tape – researchers can better protect participants’ rights and uphold public trust in research.
