This document summarizes DANS's efforts to develop a tool to help researchers comply with the GDPR when archiving data. It discusses: 1) Using DataTags as a starting point to provide recommendations for required data protections; 2) How relevant GDPR articles apply to data archives; 3) A proposed multi-step process to develop a decision tree and questionnaire to guide tagging; and 4) Next steps to refine the tool for implementation and continue development within EOSC. The goal is to support decisions on appropriate technical and organizational measures for respecting data protection principles like data minimization.
Working with Personal and Sensitive Research Data 12/11/20IzzyChad
This document provides guidance on working with personal and sensitive research data. It discusses the differences between personal and sensitive data, the rights of individuals whose data is being used in research, and the Open University's requirements around data protection, ethics approval, and information security. It then gives eight tips for managing personal research data, such as writing a data management plan, choosing secure storage, gaining valid consent, and protecting physical data. Resources for further information and guidance are provided.
Sabrina Kirrane works at Vienna University of Economics & Business. She discusses digital rights management from several perspectives including privacy, sustainability, data licensing, and data protection. Standardization is needed for policy languages to express permissions and obligations, as well as vocabularies to enable interoperability between systems regarding transparent data processing and compliance with legal obligations like GDPR.
This project received EU funding to develop machine-readable privacy policies for healthcare and genomics. The goals are to 1) identify and extend vocabularies for privacy and data protection, 2) facilitate translating natural language policies to digital formats, 3) build tools to help data subjects manage privacy preferences and controllers comply with GDPR, and 4) design a privacy negotiation mechanism. The hypotheses are that decentralized web technologies and open standards can achieve these goals by representing GDPR information and extending vocabularies. The case study will apply semantic web standards to govern access to health and genetic data.
Jane Gray - Data protection issues for organizations dri_ireland
Short presentation of the issues under discussion in Session 2 of the workshop "Data Protection Issues for Trusted Digital Repositories: Challenges and Solutions", which primarily examined the challenges facing data repositories in meeting ethical and legal requirements of archiving research data. This was presented on the 16th of January, 2014 at the "Data Protection Issues for Trusted Digital Repositories: Challenges and Solutions" at the Royal Irish Academy.
This document discusses using mind maps to help organizations comply with the General Data Protection Regulation (GDPR). It provides an overview of mind maps and GDPR. The document outlines a basic process for creating a mind map to understand an organization's data access issues and relationships. This includes brainstorming topics, sorting them by affinity, and reorganizing based on relationships. The goal is to help craft internal processes for GDPR compliance by visualizing data flows and access points across departments and systems. It recommends not underestimating complexity and notes the provider has tools to help through their partnership with LINQ Ltd.
Managing Your Research Data for Maximum Impact -Rob Daley 300616_SharedRob Daley
This document provides an overview of best practices for managing research data. It discusses why data management is important given changing policies from funders that require making data openly available. It outlines challenges for researchers in managing data and provides guidance on developing a data management plan to address issues like data types, access, storage, and long-term preservation. The document also covers topics like formatting data, addressing legal and ethical concerns, publishing and citing data, and tools like ORCID and DOIs to help maximize the impact of research data.
This document summarizes DANS's efforts to develop a tool to help researchers comply with the GDPR when archiving data. It discusses: 1) Using DataTags as a starting point to provide recommendations for required data protections; 2) How relevant GDPR articles apply to data archives; 3) A proposed multi-step process to develop a decision tree and questionnaire to guide tagging; and 4) Next steps to refine the tool for implementation and continue development within EOSC. The goal is to support decisions on appropriate technical and organizational measures for respecting data protection principles like data minimization.
Working with Personal and Sensitive Research Data 12/11/20IzzyChad
This document provides guidance on working with personal and sensitive research data. It discusses the differences between personal and sensitive data, the rights of individuals whose data is being used in research, and the Open University's requirements around data protection, ethics approval, and information security. It then gives eight tips for managing personal research data, such as writing a data management plan, choosing secure storage, gaining valid consent, and protecting physical data. Resources for further information and guidance are provided.
Sabrina Kirrane works at Vienna University of Economics & Business. She discusses digital rights management from several perspectives including privacy, sustainability, data licensing, and data protection. Standardization is needed for policy languages to express permissions and obligations, as well as vocabularies to enable interoperability between systems regarding transparent data processing and compliance with legal obligations like GDPR.
This project received EU funding to develop machine-readable privacy policies for healthcare and genomics. The goals are to 1) identify and extend vocabularies for privacy and data protection, 2) facilitate translating natural language policies to digital formats, 3) build tools to help data subjects manage privacy preferences and controllers comply with GDPR, and 4) design a privacy negotiation mechanism. The hypotheses are that decentralized web technologies and open standards can achieve these goals by representing GDPR information and extending vocabularies. The case study will apply semantic web standards to govern access to health and genetic data.
Jane Gray - Data protection issues for organizations dri_ireland
Short presentation of the issues under discussion in Session 2 of the workshop "Data Protection Issues for Trusted Digital Repositories: Challenges and Solutions", which primarily examined the challenges facing data repositories in meeting ethical and legal requirements of archiving research data. This was presented on the 16th of January, 2014 at the "Data Protection Issues for Trusted Digital Repositories: Challenges and Solutions" at the Royal Irish Academy.
This document discusses using mind maps to help organizations comply with the General Data Protection Regulation (GDPR). It provides an overview of mind maps and GDPR. The document outlines a basic process for creating a mind map to understand an organization's data access issues and relationships. This includes brainstorming topics, sorting them by affinity, and reorganizing based on relationships. The goal is to help craft internal processes for GDPR compliance by visualizing data flows and access points across departments and systems. It recommends not underestimating complexity and notes the provider has tools to help through their partnership with LINQ Ltd.
Managing Your Research Data for Maximum Impact -Rob Daley 300616_SharedRob Daley
This document provides an overview of best practices for managing research data. It discusses why data management is important given changing policies from funders that require making data openly available. It outlines challenges for researchers in managing data and provides guidance on developing a data management plan to address issues like data types, access, storage, and long-term preservation. The document also covers topics like formatting data, addressing legal and ethical concerns, publishing and citing data, and tools like ORCID and DOIs to help maximize the impact of research data.
This document describes the Data Privacy Vocabulary (DPV), which is being developed by a W3C Community Group to create taxonomies for terms related to privacy and data protection. The DPV models categories of personal data, purposes for data processing, technical and organizational measures, legal bases for processing, and other entities. The vocabulary is serialized in RDF, RDFS, and OWL. The DPV is meant to help represent policies, consent, and document personal data handling in compliance with regulations like the GDPR. The community group is expanding the vocabularies and welcoming feedback through GitHub and mailing lists.
COnSeNT 2021 - ODRL Profile for Expressing Consent through Granular Access Co...Beatriz Esteves
Solid, the emerging technology for organizing data in decentralized stores, relies on a simple authorization mechanism for granting access to data. Solid’s personal online datastores (Pods) are ideal for keeping personal data, as they allow individuals to represent the access permissions in a very simple manner using Access Control Language (ACL) expressions. Whereas these expressions suffice for yes/no and read/write permissions, they cannot represent more complex rules nor invoke regulation-specific concepts. This paper describes an extension of the ACL language and algorithm to implement consent and data requests. The extension is based on the Open Digital Rights Language (ODRL) policy language, which allows expressing rich rules, and the Data Privacy Vocabulary (DPV), which permits invoking privacy and data protection-specific terms. Some usage examples illustrate this proposal.
The General Data Protection Regulation (GDPR) that takes effect in May 2018 provides additional incentives for organizations to strengthen information security practices. It requires companies to notify regulators of data breaches within 72 hours and individuals if there is a high risk to their rights and freedoms. Non-compliance with GDPR could result in fines of up to 20 million euros or 4% of annual global turnover. The regulation supports proactive security measures like encryption and incident response plans to mitigate potential damage from breaches and demonstrate compliance.
W3C Data Privacy Vocabularies and Controls Community GroupSabrina Kirrane
This document announces the formation of the W3C Data Privacy Vocabularies and Controls Community Group (DPVCG). The DPVCG was initiated based on outputs from a May 2018 workshop including use cases, requirements, and the identification of existing relevant vocabularies. The goals of the DPVCG include defining a set of vocabularies to support data privacy concepts like those in the GDPR, and hosting future meetings in August and November 2018 to further their work.
B2FIND - How to find data objects and collections using EUDAT's B2FIND | www....EUDAT
| www.eudat.eu | B2FIND is a simple, user-friendly discovery service based on metadata steadily harvested from research data collections from EUDAT data centres and other repositories.
Interact 2018 - GDPR for digital publishers, digital agencies and advertisersIAB Europe
Held in Milan on 23-24 May, IAB Europe’s annual 2-day conference Interact 2018 featured a training by Matthias Matthiesen, Director Public Policy & Privacy and Chris Hartsuiker, Public Policy Officer, IAB Europe. Which provisions in the General Data Protection Regulation are the most relevant to digital publishers and advertisers? What is the guidance of the European Data Protection Board (former Article 29 Working party) on these topics? This training session, provided by IAB Europe will provide insight into applying the GDPR to the digital advertising supply chain.
Data Sharing Principles and Legal Interoperability for Essential Biodiversity...agosti
The document discusses principles of open data sharing and legal interoperability of research data. It provides summaries of the GEO Data Sharing Principles from 2005 and a proposed updated version from 2015. The principles advocate sharing data as open data by default without charge or reuse restrictions. Exceptions can be made for reasons of national security, endangered species protection, or other restrictions allowed by law. The document also summarizes proposed principles from RDA/CODATA on facilitating lawful access to research data while balancing various legal interests through transparent communication of rights.
GDPR offers chances to enhance trust in your organisation, by showing that data is safe with you. Chances to show you take social responsibility, transparency and privacy seriously. Chances to minimise the risks of identity fraud and data leaks.
We can help you with our pragmatic approach from our expertise in information security, processes and privacy law.
Do you want to be ready for GDPR on May 25th, 2018? Call or mail me.
r.kranendonk@rent-a-dpo.nl
+31 (0) 30 227 0960
+31 (0) 6 286 388 46
Data Protection Forum meetup 23052017 John M Walsh
The document discusses technologies that can help companies comply with the General Data Protection Regulation (GDPR). It describes tools from various vendors like SAP, Microsoft, IBM, Talend, and Informatica that can assist with data protection impact assessments, data governance, subject rights management, data masking, incident response, and compliance reporting. The presentation encourages attendees to contact the speaker if they have any other questions.
This document provides an overview of key legal issues non-profit organizations need to be aware of when operating their websites. It discusses what constitutes a website, identifying potential risks based on website purpose such as providing information or fundraising. It also covers legal requirements around data protection, electronic marketing, accessibility, and contractual risks. Potential risks include inaccurate information, data protection issues, and liability depending on website use and content.
Presentation slides from an NCVO webinar which took place on 18 October 2017.
Presentation by Gary Shipsey from Protecture, find out more about Protecture: https://www.protecture.org.uk/
View the webinar recording: https://youtu.be/D7wuDS4QZgQ
GDPR From Implementation to OpportunityDean Sappey
The document discusses the EU's General Data Protection Regulation (GDPR) which takes effect in May 2018. It outlines key aspects of GDPR including what constitutes personal data, the financial penalties for noncompliance, data subject rights, and the responsibilities of data controllers and processors. Organizations must design and implement their systems and processes with privacy in mind based on GDPR's principles in order to avoid penalties that could impact their revenues and reputation.
The document discusses optimal markets for hidden data detection and cleansing software. It finds that the education and legal industries are likely the best markets as they deal with confidential information, use Microsoft Office and PDF files heavily, focus on enterprise needs, understand the hidden data problem, and are primarily located in the US. Specifically, education institutions on average have over 2,600 documents and legal organizations have around 500 documents that could benefit from such software.
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
GDPR The New Data Protection Law coming into effect May 2018. What does it mean for hospitals?
Anthe Papageorgiou, Compliance Officer & Data Protection Officer at Henry Dunant Hospital Center
Ruth Geraghty - Data protection issues for research participants, depositors ...dri_ireland
Short presentation of the issues under discussion in Session 1 of the workshop "Data Protection Issues for Trusted Digital Repositories: Challenges and Solutions", with a focus on the interaction between ethics and legal requirements in regard to the protection of research data about the individual. This was presented on the 16th of January, 2014 at the "Data Protection Issues for Trusted Digital Repositories: Challenges and Solutions" at the Royal Irish Academy.
Transparent Personal Data Processing: The Road AheadSabrina Kirrane
The document discusses the SPECIAL project which aims to create a transparent personal data processing framework. It outlines the goals of providing users control over personal data and representing privacy policies in a machine-readable format. The objectives include building a scalable policy-aware linked data architecture to provide transparency on how data is processed and ensure compliance with the GDPR. Challenges addressed include ensuring interoperability across systems, integrity of the transparency ledger, and resolving the conflict between immutability and the right to erasure.
Iron Mountain® Policy Center Solution Enterprise EditionInfoGoTo
Policy Center Enterprise Edition combines subscription access to Policy Center, a cloud-based retention and privacy policy management platform, with expert Advisory Services to help you comply with existing and new regulations, such as the General Data Protection Regulation (GDPR). It helps you manage privacy and retention together, so you can know your retention and privacy obligations, and show compliance.
HURIDOCS faced four main challenges from 2009-2014: 1) making large human rights websites more searchable, 2) allowing databases to share information more openly, 3) improving case management tools, and 4) enhancing digital libraries. To address these, HURIDOCS designed customized architectures, implemented faceted search, enabled direct data publishing while protecting sensitive data, created the case management platform Casebox, and developed digital library tools. During this period, HURIDOCS grew from two staff members to ten across five continents, expanded its project partners from 150 to over 300, and increased its annual budget sevenfold while taking on new challenges like improving online security and participatory governance.
This document outlines challenges and solutions in human rights documentation that HURIDOCS addressed from 2009-2014. The challenges included making large human rights websites more searchable, sharing databases externally, case management, and creating digital libraries. Solutions involved improved architectures, faceted search, direct publishing of data, case management tools, and easy to use library tools. Over this period, HURIDOCS grew from two staff to ten across five continents, with increasing institutional donors and annual budgets. New challenges mentioned include creating flexible digital libraries, improving security of online tools, and expanding services while managing growth.
This document discusses best practices for preparing and sharing research data. It emphasizes obtaining proper consent from participants, performing a risk analysis to avoid re-identification, and considering appropriate sharing methods such as data repositories. Sharing data benefits the research community by encouraging new collaborations and validation of results, but must be balanced with obligations to protect participants and intellectual property. The document provides guidance on topics like data licensing, anonymization, and the policies of research institutions and journals regarding data sharing.
CINECA webinar slides: Status Update Code of Conduct: Teaming up & Talking ab...CINECAProject
Committed to the drafting of a Code of Conduct for the sector of health research according to Art. 40 GDPR, our initiative is advancing slowly but steadily. Throughout Europe, national jurisdictions differ to a great deal in their interpretations of the GDPR, especially in regard to its application in health research. This is due to some quite vague provisions (public interest, not incompatible clause) as wells as to numerous exemption/derogation clauses concerning the use of health data for research purposes, which encourage States to set up national rules – enhancing fragmentation. Notably, a Code of Conduct can help to bridge the harmonization gaps that may exist between Member States in their application of data protection law. On a practical level, a code is potentially a cost-effective method to achieve greater levels of consistency of protection as well as a mechanism to demonstrate compliance with the GDPR. By spring 2020, several hundred individuals representing around 90 organizations in the field of health research have indicated their interest and support for the Code of Conduct for Health Research. At this stage, this does not yet indicate an endorsement but means that they see a benefit in the development of such a code and are interested in partaking in the process. Additionally, several exchanges take place with national and sectoral codes in order to use synergies and finds ways for collaboration. This webinar is intended to inform you about the latest results.
The CINECA webinar series aims to discuss ways to address common challenges and share best practices in the field of cohort data analysis, as well as distribute CINECA project results. All CINECA webinars include an audience Q&A session during which attendees can ask questions and make suggestions. Please note that all webinars are recorded and available for posterior viewing. CINECA webinars include an audience Q&A session during which attendees can ask questions and make suggestions.
This webinar took place on 1st October 2020 and is part of the CINECA webinar series. It is best viewed in full screen mode using Google Chrome.
For previous and upcoming CINECA webinars see:
https://www.cineca-project.eu/webinars
This document describes the Data Privacy Vocabulary (DPV), which is being developed by a W3C Community Group to create taxonomies for terms related to privacy and data protection. The DPV models categories of personal data, purposes for data processing, technical and organizational measures, legal bases for processing, and other entities. The vocabulary is serialized in RDF, RDFS, and OWL. The DPV is meant to help represent policies, consent, and document personal data handling in compliance with regulations like the GDPR. The community group is expanding the vocabularies and welcoming feedback through GitHub and mailing lists.
COnSeNT 2021 - ODRL Profile for Expressing Consent through Granular Access Co...Beatriz Esteves
Solid, the emerging technology for organizing data in decentralized stores, relies on a simple authorization mechanism for granting access to data. Solid’s personal online datastores (Pods) are ideal for keeping personal data, as they allow individuals to represent the access permissions in a very simple manner using Access Control Language (ACL) expressions. Whereas these expressions suffice for yes/no and read/write permissions, they cannot represent more complex rules nor invoke regulation-specific concepts. This paper describes an extension of the ACL language and algorithm to implement consent and data requests. The extension is based on the Open Digital Rights Language (ODRL) policy language, which allows expressing rich rules, and the Data Privacy Vocabulary (DPV), which permits invoking privacy and data protection-specific terms. Some usage examples illustrate this proposal.
The General Data Protection Regulation (GDPR) that takes effect in May 2018 provides additional incentives for organizations to strengthen information security practices. It requires companies to notify regulators of data breaches within 72 hours and individuals if there is a high risk to their rights and freedoms. Non-compliance with GDPR could result in fines of up to 20 million euros or 4% of annual global turnover. The regulation supports proactive security measures like encryption and incident response plans to mitigate potential damage from breaches and demonstrate compliance.
W3C Data Privacy Vocabularies and Controls Community GroupSabrina Kirrane
This document announces the formation of the W3C Data Privacy Vocabularies and Controls Community Group (DPVCG). The DPVCG was initiated based on outputs from a May 2018 workshop including use cases, requirements, and the identification of existing relevant vocabularies. The goals of the DPVCG include defining a set of vocabularies to support data privacy concepts like those in the GDPR, and hosting future meetings in August and November 2018 to further their work.
B2FIND - How to find data objects and collections using EUDAT's B2FIND | www....EUDAT
| www.eudat.eu | B2FIND is a simple, user-friendly discovery service based on metadata steadily harvested from research data collections from EUDAT data centres and other repositories.
Interact 2018 - GDPR for digital publishers, digital agencies and advertisersIAB Europe
Held in Milan on 23-24 May, IAB Europe’s annual 2-day conference Interact 2018 featured a training by Matthias Matthiesen, Director Public Policy & Privacy and Chris Hartsuiker, Public Policy Officer, IAB Europe. Which provisions in the General Data Protection Regulation are the most relevant to digital publishers and advertisers? What is the guidance of the European Data Protection Board (former Article 29 Working party) on these topics? This training session, provided by IAB Europe will provide insight into applying the GDPR to the digital advertising supply chain.
Data Sharing Principles and Legal Interoperability for Essential Biodiversity...agosti
The document discusses principles of open data sharing and legal interoperability of research data. It provides summaries of the GEO Data Sharing Principles from 2005 and a proposed updated version from 2015. The principles advocate sharing data as open data by default without charge or reuse restrictions. Exceptions can be made for reasons of national security, endangered species protection, or other restrictions allowed by law. The document also summarizes proposed principles from RDA/CODATA on facilitating lawful access to research data while balancing various legal interests through transparent communication of rights.
GDPR offers chances to enhance trust in your organisation, by showing that data is safe with you. Chances to show you take social responsibility, transparency and privacy seriously. Chances to minimise the risks of identity fraud and data leaks.
We can help you with our pragmatic approach from our expertise in information security, processes and privacy law.
Do you want to be ready for GDPR on May 25th, 2018? Call or mail me.
r.kranendonk@rent-a-dpo.nl
+31 (0) 30 227 0960
+31 (0) 6 286 388 46
Data Protection Forum meetup 23052017 John M Walsh
The document discusses technologies that can help companies comply with the General Data Protection Regulation (GDPR). It describes tools from various vendors like SAP, Microsoft, IBM, Talend, and Informatica that can assist with data protection impact assessments, data governance, subject rights management, data masking, incident response, and compliance reporting. The presentation encourages attendees to contact the speaker if they have any other questions.
This document provides an overview of key legal issues non-profit organizations need to be aware of when operating their websites. It discusses what constitutes a website, identifying potential risks based on website purpose such as providing information or fundraising. It also covers legal requirements around data protection, electronic marketing, accessibility, and contractual risks. Potential risks include inaccurate information, data protection issues, and liability depending on website use and content.
Presentation slides from an NCVO webinar which took place on 18 October 2017.
Presentation by Gary Shipsey from Protecture, find out more about Protecture: https://www.protecture.org.uk/
View the webinar recording: https://youtu.be/D7wuDS4QZgQ
GDPR From Implementation to OpportunityDean Sappey
The document discusses the EU's General Data Protection Regulation (GDPR) which takes effect in May 2018. It outlines key aspects of GDPR including what constitutes personal data, the financial penalties for noncompliance, data subject rights, and the responsibilities of data controllers and processors. Organizations must design and implement their systems and processes with privacy in mind based on GDPR's principles in order to avoid penalties that could impact their revenues and reputation.
The document discusses optimal markets for hidden data detection and cleansing software. It finds that the education and legal industries are likely the best markets as they deal with confidential information, use Microsoft Office and PDF files heavily, focus on enterprise needs, understand the hidden data problem, and are primarily located in the US. Specifically, education institutions on average have over 2,600 documents and legal organizations have around 500 documents that could benefit from such software.
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
GDPR The New Data Protection Law coming into effect May 2018. What does it mean for hospitals?
Anthe Papageorgiou, Compliance Officer & Data Protection Officer at Henry Dunant Hospital Center
Ruth Geraghty - Data protection issues for research participants, depositors ...dri_ireland
Short presentation of the issues under discussion in Session 1 of the workshop "Data Protection Issues for Trusted Digital Repositories: Challenges and Solutions", with a focus on the interaction between ethics and legal requirements in regard to the protection of research data about the individual. This was presented on the 16th of January, 2014 at the "Data Protection Issues for Trusted Digital Repositories: Challenges and Solutions" at the Royal Irish Academy.
Transparent Personal Data Processing: The Road AheadSabrina Kirrane
The document discusses the SPECIAL project which aims to create a transparent personal data processing framework. It outlines the goals of providing users control over personal data and representing privacy policies in a machine-readable format. The objectives include building a scalable policy-aware linked data architecture to provide transparency on how data is processed and ensure compliance with the GDPR. Challenges addressed include ensuring interoperability across systems, integrity of the transparency ledger, and resolving the conflict between immutability and the right to erasure.
Iron Mountain® Policy Center Solution Enterprise EditionInfoGoTo
Policy Center Enterprise Edition combines subscription access to Policy Center, a cloud-based retention and privacy policy management platform, with expert Advisory Services to help you comply with existing and new regulations, such as the General Data Protection Regulation (GDPR). It helps you manage privacy and retention together, so you can know your retention and privacy obligations, and show compliance.
HURIDOCS faced four main challenges from 2009-2014: 1) making large human rights websites more searchable, 2) allowing databases to share information more openly, 3) improving case management tools, and 4) enhancing digital libraries. To address these, HURIDOCS designed customized architectures, implemented faceted search, enabled direct data publishing while protecting sensitive data, created the case management platform Casebox, and developed digital library tools. During this period, HURIDOCS grew from two staff members to ten across five continents, expanded its project partners from 150 to over 300, and increased its annual budget sevenfold while taking on new challenges like improving online security and participatory governance.
This document outlines challenges and solutions in human rights documentation that HURIDOCS addressed from 2009-2014. The challenges included making large human rights websites more searchable, sharing databases externally, case management, and creating digital libraries. Solutions involved improved architectures, faceted search, direct publishing of data, case management tools, and easy to use library tools. Over this period, HURIDOCS grew from two staff to ten across five continents, with increasing institutional donors and annual budgets. New challenges mentioned include creating flexible digital libraries, improving security of online tools, and expanding services while managing growth.
This document discusses best practices for preparing and sharing research data. It emphasizes obtaining proper consent from participants, performing a risk analysis to avoid re-identification, and considering appropriate sharing methods such as data repositories. Sharing data benefits the research community by encouraging new collaborations and validation of results, but must be balanced with obligations to protect participants and intellectual property. The document provides guidance on topics like data licensing, anonymization, and the policies of research institutions and journals regarding data sharing.
CINECA webinar slides: Status Update Code of Conduct: Teaming up & Talking ab...CINECAProject
Committed to the drafting of a Code of Conduct for the sector of health research according to Art. 40 GDPR, our initiative is advancing slowly but steadily. Throughout Europe, national jurisdictions differ to a great deal in their interpretations of the GDPR, especially in regard to its application in health research. This is due to some quite vague provisions (public interest, not incompatible clause) as wells as to numerous exemption/derogation clauses concerning the use of health data for research purposes, which encourage States to set up national rules – enhancing fragmentation. Notably, a Code of Conduct can help to bridge the harmonization gaps that may exist between Member States in their application of data protection law. On a practical level, a code is potentially a cost-effective method to achieve greater levels of consistency of protection as well as a mechanism to demonstrate compliance with the GDPR. By spring 2020, several hundred individuals representing around 90 organizations in the field of health research have indicated their interest and support for the Code of Conduct for Health Research. At this stage, this does not yet indicate an endorsement but means that they see a benefit in the development of such a code and are interested in partaking in the process. Additionally, several exchanges take place with national and sectoral codes in order to use synergies and finds ways for collaboration. This webinar is intended to inform you about the latest results.
The CINECA webinar series aims to discuss ways to address common challenges and share best practices in the field of cohort data analysis, as well as distribute CINECA project results. All CINECA webinars include an audience Q&A session during which attendees can ask questions and make suggestions. Please note that all webinars are recorded and available for posterior viewing. CINECA webinars include an audience Q&A session during which attendees can ask questions and make suggestions.
This webinar took place on 1st October 2020 and is part of the CINECA webinar series. It is best viewed in full screen mode using Google Chrome.
For previous and upcoming CINECA webinars see:
https://www.cineca-project.eu/webinars
Librarian RDM Training: Ethics and copyright for research dataRobin Rice
This document provides an overview of ethics and copyright as they relate to research data management. It discusses ethical requirements for collecting human subject data, including obtaining consent and protecting privacy and confidentiality. Certain types of research may be exempt from ethics review. Intellectual property rights can apply to research data depending on the level of creativity in the data's collection and organization. Data licensing is an alternative to asserting copyright that allows explicitly defining how data can be used.
An itinerary for FAIR and privacy respecting data-driven innovation and researchMarlon Domingus
My talk for the National eScience Symposium 2017 in the Internet of Things track, October 12 2017.
TALK: An itinerary for FAIR and privacy respecting data-driven innovation and research
ABSTRACT: The big picture of the complex landscape of e-science, technology, legal and ethical responsibilities addressed. How to apply privacy values and responsibilities to new technological platforms like the IoT? Can we find an approach that ensures a high level of privacy protection and at the same time supports the interest of researchers and increase innovation? A practical recap of the most important recommendations for researchers creating collaborations and infrastructures.
This document discusses legal and ethical issues related to data sharing. It covers rights and copyright regarding data, how to address ethics when sharing personal data under GDPR, and obtaining consent from participants. Guidelines are provided for discovering and accessing shared data from repositories. Questions about data sharing are welcomed.
Legal and ethical considerations for sharing research dataOpenAIRE
Irena Vipavc Brar ( Social Sciences Data Archives / CESSDA)
Aimed at researchers in social sciences, but of interest for other fields as well, Irena Vipavc Brar gives an overview of the most important legal and ethical considerations when sharing research data. She discusses the implications of GDPR for scientific research, informed consent and ethical aspects of dealing with personal data, and legal issues.
Links: https://www.cessda.eu/Research-Infrastructure/Training/Expert-Tour-Guide-on-Data-Management
Anne Cameron - An Introduction to the Data Protection Act for Researcherskclcompbio
This document provides an overview of the UK Data Protection Act for researchers. It discusses what constitutes personal and sensitive data, the responsibilities of data controllers and subjects, and the 8 data protection principles. Researchers must obtain proper consent, securely store data, only retain it as long as necessary, and ensure proper reuse and destruction. Anonymization and sharing data requires careful handling. The university's policies on research governance, ethics, information security and records management must also be followed. Failure to comply with these standards could result in sanctions from the Information Commissioner's Office.
The document discusses incentive mechanisms for privacy-preserving Internet of Things (IoT). It addresses common misconceptions about privacy in IoT and discusses how incentive mechanisms can encourage user participation while balancing privacy and accuracy. Specifically, it notes that incentive mechanisms, like reverse auctions, are needed to attract crowdsensing users to contribute data. However, these mechanisms must also consider users' varying privacy levels and how coalitions can impact privacy. The document examines how user contributions, payoffs, and coalitions should be handled to optimize this accuracy-privacy tradeoff.
This document provides an overview of making research data open and preparing it for sharing. It discusses why data should be shared, including benefits like innovation, transparency and increased citations. It covers funder and publisher policies requiring data sharing. Key points on preparing data for sharing include adding metadata and documentation, using open file formats, and considering intellectual property rights and licensing. The document also discusses ethical issues around informing participants and seeking consent, as well as new GDPR requirements.
This document provides an overview of research data sharing, including why data should be shared, how to prepare data for sharing, considerations around rights and ethics, and reusing shared data. The key points covered are the benefits of sharing data, funder and publisher policies requiring data plans and sharing, preparing data by adding documentation and using open formats, obtaining informed consent, and where to find shared data for reuse.
ESOMAR published the rst Code of Marketing and Social Research Practice in 1948. In subsequent years, a number of national bodies published their own codes.
In 1976, ESOMAR and ICC – who had a related international code stemming from their Global Marketing and Advertising Code of Conduct – agreed that it would be preferable to have a single international code. A joint ICC/ESOMAR Code was published the following year. This 1977 code was revised and updated in 1986, 1994 and, most recently, in 2007. More than 60 associations in over 50 countries have adopted or endorsed it.
------------------------
ICC (the International Chamber of Commerce) is the world’s largest business organization with a network of over 6.5 million members in more than 130 countries.
ESOMAR is the global voice of the data, research and insights community, speaking on behalf of over 4900 individual professionals and 500 companies who provide or commission data analytics and research in more than 130 countries, all of whom agree to uphold the ICC/ESOMAR International Code.
20170530_Open Research Data in Horizon 2020OpenAIRE
This document discusses open research data in Horizon 2020 projects. It provides an overview of the OpenAIRE network, the European Commission's open access mandate, and requirements for open research data under Horizon 2020. Projects starting in 2017 are included in the open data policy by default and must make their data openly available. Reasons for opting out of open data requirements are also presented.
workshop session delivered alongside 'Making your thesis legal' workshop in July and September 2013 to PhD, MPhil, DrPh students who are completing their thesis. Discusses standards for sharing data, issues that need addressing, formats, data protection, usability, licenses
Rss characteristics of good data governance - data trusts - peter w - 2019-...Peter Wells
The document discusses data trusts and other approaches for increasing access to data while maintaining trust. It summarizes the results of three pilot projects testing data trusts. The pilots found that data trusts require careful design and clear purpose to balance competing interests. While data trusts show potential for enabling data sharing, further research is needed to fully understand their applications and limitations compared to other approaches. The document recommends exploring a range of access models and providing guidance to help organizations implement appropriate solutions.
The Spanish Open Research Data Network. Lessons learnedmaredata
This document summarizes a presentation about Maredata, a Spanish network focused on open research data management. The network brings together Spanish research teams working on topics like interoperability, access, preservation, and open data policies. It aims to coordinate these groups, avoid duplications in research, and promote transparency. The benefits of open research data discussed include increased collaboration, validation of results, and transparency. Future areas of focus for the network include identifying discipline-specific research data management needs, exploring open health data, and addressing issues like data protection, quality, and ethics.
Launch of ODI 2019 data trust pilots workPeter Wells
Slidedeck from April 2019 launch of ODI data trust pilots work, includes slides from ODI team, Involve, Comms Chambers, Chris Reed, Nabeel Ahmed from OpenNorth and Sylvie Delacroix
rights and responsibilities
privacy by design strategies
privacy principles
privacy enhancing technologies (PETs)
big data concerns
private, shared and public - boundary transitions
data protection impact assessment (DPIA)
cross border data transfers
derogations for research
Securing, storing and enabling safe access to dataRobin Rice
Invited talk as part of Westminster Insight Research Data Management Forum, https://www.westminsterinsight.co.uk/event/3416/Research_Data_Management_Forum
The art of depositing social science data: maximising quality and ensuring go...Louise Corti
The document provides guidance for depositing data into a research data repository. It discusses incentivizing researchers to share data, developing data policies, reviewing data for quality and disclosure risks, preparing documentation, assigning licenses, and providing support to depositors. The role of the repository manager is to work with depositors to prepare data according to best practices and the repository's standards to ensure long-term preservation and access.
This document discusses several topics related to data ethics and privacy laws:
1. It examines the ethical and legal considerations around data collection from the Internet of Things and big data, as well as individuals' privacy rights.
2. It provides an overview of the General Data Protection Regulation (GDPR) which takes effect in 2018 and restricts personal data transfers outside the EU.
3. It notes recommendations for higher education institutions around implementing learning analytics systems, including obtaining student consent and having clear data policies to address privacy, security, and use of data.
Similar to UX Bristol 2019 Lightning talk - Tips to develop a user-centred GDPR policy (20)
Corporate Governance : Scope and Legal Frameworkdevaki57
CORPORATE GOVERNANCE
MEANING
Corporate Governance refers to the way in which companies are governed and to what purpose. It identifies who has power and accountability, and who makes decisions. It is, in essence, a toolkit that enables management and the board to deal more effectively with the challenges of running a company.
सुप्रीम कोर्ट ने यह भी माना था कि मजिस्ट्रेट का यह कर्तव्य है कि वह सुनिश्चित करे कि अधिकारी पीएमएलए के तहत निर्धारित प्रक्रिया के साथ-साथ संवैधानिक सुरक्षा उपायों का भी उचित रूप से पालन करें।
The presentation deals with the concept of Right to Default Bail laid down under Section 167 of the Code of Criminal Procedure 1973 and Section 187 of Bharatiya Nagarik Suraksha Sanhita 2023.
Safeguarding Against Financial Crime: AML Compliance Regulations DemystifiedPROF. PAUL ALLIEU KAMARA
To ensure the integrity of financial systems and combat illicit financial activities, understanding AML (Anti-Money Laundering) compliance regulations is crucial for financial institutions and businesses. AML compliance regulations are designed to prevent money laundering and the financing of terrorist activities by imposing specific requirements on financial institutions, including customer due diligence, monitoring, and reporting of suspicious activities (GitHub Docs).
Business law for the students of undergraduate level. The presentation contains the summary of all the chapters under the syllabus of State University, Contract Act, Sale of Goods Act, Negotiable Instrument Act, Partnership Act, Limited Liability Act, Consumer Protection Act.
2. What is
GDPR?
@people4research
The General Data Protection
Regulation (GDPR) is a legal
framework that sets guidelines for
the collection and processing of
personal information from
individuals who live in the
European Union (EU).
4. Four pillars
of privacy
by design
@people4research
• Define your audience with GDPR in
mind
• Define your legal grounds for
processing
• Define what data you are capturing
• Define how you are storing and
processing this data
8. @people4research
Useful links
• ICO website
https://ico.org.uk/for-organisations/
• Lawful basis for processing
ICO guidance
• People for Research blog
https://www.peopleforresearch.co.uk/blog/
Working with Ben Cubbon and Nic Price, who have done workshops at UX Bristol using this same framework, helped is realise how participants experience the research process. I also recently did a workshop with Jess Lewes, Business Development Director at PFR, where we used this framework to demonstrate how early in the process user needs come into play, but also how early you start collecting data about your users.
Define your audience with GDPR in mind – not just demographics and personas, but think: Are they your customers? Are you already collecting their data? Are they aware of this? Or are you going outside of your customer data to find other users?
Define your legal grounds for processing – there are six legal grounds for processing, one of them being informed consent. If you’re not sure how to define this, the ICO has a checklist and online interactive tool that you can use - https://ico.org.uk/for-organisations/gdpr-resources/lawful-basis-interactive-guidance-tool/ / Make sure you get it right the first time - you should not swap to a different lawful basis, especially if you’ve started this journey using consent as your basis.
What data are you capturing? GDPR protects all identifiable data that can be linked to a living individual. During primary user research, it’s essential to list the information you need to capture. This is likely to include basic data like full name, contact details, postcode, etc. – but maybe special data as well, which includes information like health conditions, ethnicity or, specifically in the UK, criminal record. Informed consent doesn’t cover this data, so you need to get special consent to process these details everytime you ask about them.
Define how you are storing and processing this data – this could include online forms, audio or visual recordings, offline paper forms – as well as how you share it and who can access it.
Ensure your privacy policies are available
Access to data has been agreed within your team
Try to keep your data anonymised or pseudonymised when possible
Using third party platforms to store or manage data or communicate with the users? Make sure they comply with GDPR or are members of the Privacy Shield.
Pseudonymise research notes and audio/video recordings, as well as anything else you may share with the end client/agency/other teams
When conducting online surveys anonymise user data collection by not capturing personal details if not necessary, as well as IP, GeoLocation and switching off audience profiling analytics.
For all research, always inform participants of your privacy policies or where they can access them.
Make sure data is safely stored and anonymised, where possible. If not anonymised, make sure it’s encrypted or password protected if digital or locked with restricted access if physical.
Shred any unnecessary physical documents that contain personal data – this reduces risks in case of a data breach.
Remember to revoke access to shared documents containing personal data – or if using a platform like Sharepoint, set up an expiry date on the shared document.
If you have any questions, email gdpr@peopleforresearch.co.uk