Data protection and data security

    Here researchers can gain an initial overview of our data protection requirements. The main requirements are listed in the data usage agreements. Further requirements may apply on the basis of laws and the requirements of your employer/research institute. In other respects, the provisions and stipulations of the GDPR apply. {Link to the GDPR} The protection of data is a top priority for the Research Data Centre of the German Pension Insurance. In accordance with data protection laws, our systems and processes are designed to protect sensitive information from unauthorised access and misuse.

    Anonymisation and pseudonymisation

    Data protection by way of anonymisation is always based on a reduction of the information contained in the data. This inevitably involves a reduction of the possibilities for analysis. We make every effort not to restrict the use of data unnecessarily while also taking adequate account of data protection.

    The data is anonymised in order to ensure data protection in the datasets. The data is altered in such a manner as to prevent individuals from being identified. Detailed information from the biographies of insured persons may also be capped, rounded and condensed. Please see the code plans for further details. Districts and independent cities represent the maximum depth of regional classification. As a rule, the federal state is specified as the direct region. In the case of particularly sensitive data which may only be accessed on site, the outputs generated are controlled by FDZ employees.

    Technical and organisational measures

    Training and sensitisation: Data users are informed about data protection measures and must confirm this in writing. Employees of the FDZ are trained and sensitised in the areas of data protection and data security.

    Access control (for guest researcher workstations): Only authorised persons have access to the data provided by the FDZ-RV. Access authorisations and authentication procedures have been implemented for this purpose.

    Logging (guest researcher workstations): Whenever the data is accessed, this is logged to ensure reproducibility and auditing.

    Enclosure to the user agreement

    All users listed in the agreement must sign the enclosure to the user agreement, which ensures that the data is only used for the designated purposes and safeguards confidentiality. 

    Breaches of contract and contractual penalties

    Use of the data for purposes other than the contractually agreed purposes, disclosure to third parties (including research partners) and commercial use are not permitted. An expansion of the group of users requires an amendment to the agreement in writing.

    The data – including extracts thereof – may not be combined with other micro-data. Parameters at an aggregated level may be added following review by the FDZ.

    The disclosure of data via any form of communication is strictly prohibited.

    Attempts at deanonymisation and the publication of results that allow conclusions to be drawn on individuals are prohibited.

    In the event of breaches of contract, the FDZ shall revoke the authorisation to use the data. Moreover, financial penalties and exclusion from further data use are possible.

    Contract partners are held liable by the German Pension Insurance for all damages incurred in the handling of datasets that does not correspond with the agreement.