GDPR/IRB in Practice: A Field Checklist for Online Studies
09/01/2025
Minimize and inform
Collect only what you need and explain why.
Lawful basis & consent
Use clear consent language and easy withdrawal paths.
Retention & deletion
Document retention windows and deletion procedures.
Security baseline
Strong access controls, unique codes, and admin audit logs help meet oversight.