Recognising, and implementing, the GDPR and Data Protection Act provisions for scientific research in Scotland’s Research Access Service

Lead: Paul Jackson (Research Data Scotland)

Proposal

Summary

The GDPR, now nearly 8 years old, contains special treatment for scientific research.

Many exemptions and exceptions are provided in return for a compensating requirement - that wherever possible, the further processing by the scientific researcher should be of data prepared in advance and provided in such a way as to be anonymised when used.
It says this is achieved by minimising the data as far as possible given the needs of the research, and then completing the minimisation through organisational and technical measures.

TREs are the perfect way to comply with GDPR when facilitating scientific research.

Research Data Scotland is building up a national infrastructure to deliver compliance with this legal framework with a project approval and governance framework designed to be as efficient and effective as possible, significantly shortening project approval timelines, and reducing the bureaucracy for all parties.

In this session we’ll share progress on this infrastructure and get feedback and thoughts from the community.

Required preparation

Read GDPR recitals 26 and156, and article 89.

Target audience

Information governance and data protection staff of TREs.