As already mentioned, the GDPR prohibits the processing of special categories of personal data – thus including biometric ones – unless specific exemptions apply (see section ‘Identify the most appropriate legal basis’). Therefore, researchers planning to process biometric data need to be certain that processing them is necessary to achieve the goal of the research activity (see the “Data Minimization” subsection in the Principles section of the General Part of these Guidelines). For instance, the research goal might be to develop and test a new approach to increase the accuracy of facial features detection systems. In this case, the goal is not to increase the accuracy of uniquely identifying individuals, but only the accuracy of facial features detection. Thus, researchers might rely on computer generated facial images rather than pictures of an existing natural person, removing the need to process biometric personal data. In case of system development, researchers should also consider how the biometric system will process biometric data after its deployment. Researchers are required to implement in advance all the technical and organizational measures to ensure that any potential risk is mitigated and data processing occurring after the deployment will be performed in compliance with the legal framework (see the “Integrity and Confidentiality” subsection in the Principles section of the General Part of these Guidelines).