Privacy for students

What are personal data?

We speak of personal data if data can be traced directly or indirectly to a natural person. For example, a name, student number, visual material or an IP address. Or if the content of an assignment can be traced back to a student. All personal data are subject to the rules of the AVG. Including personal data collected before the AVG (25 May 2018).

Data breach

A data breach means that personal data has been lost or an unauthorized person (possibly) has access to the personal data. For example, the loss of a laptop or USB stick, an e-mail sent to the wrong person or authorisations that have not been properly arranged.

A data breach is not only IT-related; losing a paper file, for example, can also result in a data breach. (Suspected) data leaks should always be reported via


Even if you conduct research as a student and collect personal data, the AVG guidelines must be observed. Consider the following:

  • In consultation with your lecturer, check whether you need approval from the Human Research Ethics Committee (
  • Make sure you have a legal basis for conducting the investigation. This will often be the consent of the person(s) involved. Check for more information about "informed consent" (including templates).
  • Make sure that you inform the person(s) concerned clearly and transparently about what you are going to do with his or her personal data. Check for more information about "informed consent" (including templates).
  • Collect as little personal data as possible. Take special care when collecting special personal information, such as race, religion or health data. - Store personal data in a secure database, such as DANS.
  • Delete/anonymise personal data when you no longer need them.
  • When publishing, use anonymised personal data as much as possible.
  • Ensure that personal data is stored within the EU. Cloud applications such as Google and Dropbox store data outside the EU. If it is necessary to store data outside the EU, additional measures will have to be taken. Please contact the data steward of your faculty about this.
  • Report (suspected) data leaks via
  • If you have any questions, please contact the data steward of your faculty.

Role of teachers

As a student, you can also expect a number of things from your teacher:

  • Your instructor has the responsibility to handle your personal data with care. Your lecturer will comply with TU Delft's privacy policy.
  • Your lecturer can help you determine whether you need approval from the Human Research Ethics Committee (HREC) to conduct (bachelor/master) research.

Study and student associations

Study and student associations have their own responsibility in complying with the AVG and are responsible for processing their own data.