It is one of the key responsibilities of researchers and the Project Principal Investigators to familiarise themselves with the local laws, rules and ethical requirements for their projects.
When research is conducted which crosses legal and jurisdictional boundaries researchers should always seek to apply the requirements of the legislation which has the most stringent requirements of the whole project. Where this is unclear, you should obtain advice from your institute, ethical committees or qualified legal professionals.
Each EU Member State has rules on data protection and legislation that you have to familiarise yourself with if you collect personal data. These rules are derived from the Directive 95/46/EC of the European Parliament and of the council (1995). Because of this, some Member States have more restrictive data protection legislation than others.
In the tabs below some key national legislation affecting data protection is stated. This is by no means a complete coverage of all the issues.
From 25 May 2018, the General Data Protection Regulation (GDPR; European Union, 2016a) will apply to any researcher who collects data on EU citizens. One of its key aims is to harmonise laws across the EU regarding data protection legislation.