Aarhus University Seal

Research and the general data protection regulation – what are we doing at Health?

Hardly anyone can fail to have noticed that a new data protection regulation comes into force on 25 May this year. The rules and regulations are being tightened to ensure and document that personal data is handled, stored and processed in a secure manner. This will affect everyone who makes use of personal data in research projects.

Health and clinical research are closely interwoven which means that the new regulation can possibly give rise to questions and furrowed brows in the research environments. Vice-dean for Research Ole Steen Nielsen is ready to meet the challenges and calls for restraint.

"We’ve carried out clinical research with personal data for years and we’ve done so in a responsible manner. The rules are now being tightened up. This means that, among other things, we need to have more structure and extra procedures in place around the research projects. That work is in full swing, "says Ole Steen Nielsen, who is also chair of the faculty’s central information security committee (FISU).

This work includes entering into data processing agreements with all partners outside of own organisation, which includes having to describe how you will check that the partners comply with the agreement.

Read more in the article “Stricter rules on personal data use”.

Everyone who carries out research has a responsibility

The work of implementing the general data protection regulation at Health lies with the faculty, departments and the individual researcher. The Faculty's Central Information Security Committee (FISU) acts as a steering group, maintains a broad overview of the general data protection regulation at the faculty and coordinates the initiatives with the departments and the rest of the university. The steering committee also has a representative from each department.

All five departments also have their own working group charged with identifying the specific situation at the department and taking care of the more specific departmental challenges. This area has particular significance for the individual researchers and their research projects.

"At the faculty level, we ensure that the overall framework and the relevant tools to help people are in place, but it’s important to stress that everyone who works with research has a responsibility to ensure that we comply with the stricter rules. It is here that the working groups headed by the department head have an important role in providing clear guidelines for the researchers, "says Ole Sten Nielsen.

Research collaboration with the region is a bit of an obstacle 

Data Manager Jakob Hjort from the Department of Clinical Medicine has a fifty per cent workload reduction and is now also employed as the faculty's data protection coordinator. Together with Ole Steen Nielsen and the head of health’s IT Support Mads Rasmussen, he will be visiting the departments during April.

"The visits to the departments give us a good insight into where the data protection regulation and research collide, and where there are general issues that we need to resolve at faculty level or perhaps pass on to AU level," explains Jakob Hjort, who so far has a workload reduction until June.

One of the hurdles is the research collaboration between Health and the Central Denmark Region which primarily takes place at the Department of Clinical Medicine. Researchers are here often employed both at AU and at AUH and carry out research projects by virtue of their double employment. 

"The research collaboration with the region is a unique constellation, but also a difficult hurdle to deal with in regard to the general data protection regulation. Responsibility for research data formally lies with the region, but at the same time, as a university we are required to undertake a great deal of registration and procedural work. We’re currently resolving this ambiguity so that the clinical researchers know what they have to do," says Ole Steen Nielsen.

Everyone who carries out research has a responsibility

The work of implementing the general data protection regulation at Health lies with the faculty, departments and the individual researcher. The Faculty's Central Information Security Committee (FISU) acts as a steering group, maintains a broad overview of the general data protection regulation at the faculty and coordinates the initiatives with the departments and the rest of the university. The steering committee also has a representative from each department.

All five departments also have their own working group charged with identifying the specific situation at the department and taking care of the more specific departmental challenges. This area has particular significance for the individual researchers and their research projects.

"At the faculty level, we ensure that the overall framework and the relevant tools to help people are in place, but it’s important to stress that everyone who works with research has a responsibility to ensure that we comply with the stricter rules. It is here that the working groups headed by the department head have an important role in providing clear guidelines for the researchers, "says Ole Sten Nielsen.

Research collaboration with the region is a bit of an obstacle

Data Manager Jakob Hjort from the Department of Clinical Medicine has a fifty per cent workload reduction and is now also employed as the faculty's data protection coordinator. Together with Ole Steen Nielsen and the head of health’s IT Support Mads Rasmussen, he will be visiting the departments during April.

"The visits to the departments give us a good insight into where the data protection regulation and research collide, and where there are general issues that we need to resolve at faculty level or perhaps pass on to AU level," explains Jakob Hjort, who so far has a workload reduction until June.

One of the hurdles is the research collaboration between Health and the Central Denmark Region which primarily takes place at the Department of Clinical Medicine. Researchers are here often employed both at AU and at AUH and carry out research projects by virtue of their double employment. 

"The research collaboration with the region is a unique constellation, but also a difficult hurdle to deal with in regard to the general data protection regulation. Responsibility for research data formally lies with the region, but at the same time, as a university we are required to undertake a great deal of registration and procedural work. We’re currently resolving this ambiguity so that the clinical researchers know what they have to do," says Ole Steen Nielsen.

Help is available

Although several measures and initiatives have been implemented at faculty and departmental level, the number of questions are unlikely to decrease as the deadline of 25 May 2018 approaches.

Information about rules, regulations and guidelines for data protection can be found at http://www.au.dk/informationssikkerhed/databeskyttelse/. The site is continually being expanded, so it is a good idea to visit it regularly to stay informed.

If you cannot find an answer on the AU webpage, then you should contact either the departments' FISU members or Jakob Hjort.

"Living up to the new general data protection regulation may seem convoluted, but we must bear in mind that basically we have to reasonably ensure and document that unauthorised persons cannot gain access to the sensitive personal data that we are entrusted with in our research work. We’re working together with the departments to make the process and the work go as smoothly as possible, "says Jakob Hjort.

­


Departmental FISU representatives


Contact

Vice-dean for Research Ole Steen Nielsen
Aarhus University, Health
Mobile: (+45) 2476 5093
Email: osn@au.dk