GDPR Workshop

Content

This course is a practical introduction to data protection and GDPR compliance throughout the research lifecycle.It will provide an overview of the health data resources in Denmark and the minimum requirements for research data management.

The course will cover:

• the scope, principles, and concepts of GDPR regulation, such as the data controller and processor;
• the concept of lawful processing and data processing and sharing agreements;
• health data research ethics and risk assessment
• how to apply to the scientific ethics committee 
• how to handle spatial requirements for bioinformatics data and incidental findings
• information security practices, covering risk assessment and data protection impact assessment
• technical and organizational measures to mitigate the risk.

The focus of the course is health/genomic data, particularly secondary research on already existing data (registries, health records, genomic data from research, and clinical biobanks.

Learning Outcome

A student who has met the objectives of the course will be able to: 

• Understand basic concepts and principles of relevant data protection and GDPR regulations.  
• Describe and explain what data controller, data processor, and joint data controllership is.  
• Recognizes what legal obligations lawful data processing entails and where to get help regarding data processing and sharing agreements. 
• Grasp fundamental principles of research ethics and ethical issues concerning health data. Understand the process of ethics assessment and risk mitigation, particularly, regarding sensitive bioinformatics data. 
• Have insight on information security best practices, and data protection by design and default (risk assessment, data protection impact assessment). 
• Be able to identify appropriate technical and organizational measures available for KU employees.