GDPR-related anxiety disorder is more than feeling a bit worried, or concerned after reading a data protection update statement from your institution. Symptoms can last for weeks, or even months and interfere with daily research activities. The good news is that with clear and level-headed thinking, most researchers with GDPR-related anxiety disorder can make a full recovery and continue with their work, unimpeded.
GDPR-related anxiety disorder can affect researchers in a wide variety of ways:
- Feelings of hopelessness and impending doom, when reflecting on what GDPR will mean for the future of their research.
- Feelings of worry and concern, when trying to read countless guidance documents.
- Chronic ‘GDPR’ googling to find out the latest guidance from organisations and institutions.
- Increased incidence of colleague rage-events, when asked about GDPR in any shape, or form.
Now this is an obvious one, but more specifically, triggers for GDPR-related anxiety disorder can be:
- Overhearing afflicted colleagues panicking about GDPR.
- Receiving unclear, or misleading guidance on GDPR compliance.
- Scaremongering about the sizeable maximum fines for GDPR non-compliance.
If you are reading this blog post, chances are you are suffering from GDPR-related anxiety disorder (academic-type).
I would recommend following these simple steps. Whilst they may not lead to full recovery, they will hopefully allow you to continue your day with considerably less worry:
- Take a deep breath, go for a walk, watch this youtube video. Do whatever you need to feel a little more relaxed.
- Go back to the original text. It is definitely annoying that guidance from the ICO and localised institutional guidance can be a little slow in coming, particularly given that this all gets implemented on the 25th May 2018, but accepting this will help you move forwards. The GDPR original guidance definitely has a few confusing, or blurry places that need clarification, but generally does a good job of emphasising the key principles it is trying to achieve.
- Try not to think of the end-goal of being perfectly GDPR-compliant and focus on the process. There are likely no perfect universal answers to the questions you are asking, as all research and institutions are different. Instead, have a look at the GDPR document and try to centre-in on the core principles around transparency, accountability and honesty and carefully think through your approach to your research in terms of this. Write down your thinking and justifications for certain decisions and try to talk this through with your institution (data officer, ethics board etc.). If you have done this, you are well on your way.
- Forgive the EU Parliament/ICO/European Council/your institution. It is likely that all this stress and worry has created a lot of hostility in the way you think about these organisations. Forgiveness is key here. Remember that these organisations are not trying to catch you out – they just want to put transparency, honesty and accountability at the centre of all personal data usage and researchers have got caught up in this legislation. Researchers are largely doing these things anyway and have been working carefully with personal data for a long time. However, GDPR is a good opportunity to think through the data you collect, how you seek permission, where you store it and how you process and disseminate it; write all this stuff down and feel confident that you have thought about this issues carefully.
Living with GDPR-related anxiety disorder
If you are still worried about GDPR and feel unable to cope, please speak to your institution. Try to remember that these feelings won’t last forever. Everyone is a bit confused/worried/unsure right now, even ‘the powers that be’ in your institution trying to disseminate their localised guidance, so try not to stress. New legislation like this is often followed with some bumps and hiccoughs along the way, so take a deep breath – we’re all in this together.
Disclaimer: Thoughts and views my own (a PhD research student who has journeyed from severe GDPR-related anxiety to recovery).