
Table 2 Requirement clusters

From: Legal assessment tool (LAT): an interactive tool to address privacy and data protection issues for data sharing

| Name of cluster | Requirement tables | Description |
|---|---|---|
| Data protection/privacy | | General data protection requirements applicable to data bridges; conditions that must be fulfilled in order to legally process personal data. |
| | Table 1 Requirements for animal data and other data | Requirement in relation to: Deletion of personal data; Anonymising of personal data; Obtaining consent from the research subject / researcher |
| | Table 2 Potential identification risk for human research subjects | Requirement in relation to: Removing metadata; Removing data on an image; Altering the image; Link between biosamples and data has to be protected; Identification risk has to be checked after data merging; Re-identification risk based on genetic data |
| | Table 3 Pseudonymous human data | Requirement in relation to: Obtaining informed consent from the research subject; Checking current informed consent; Right to be informed |
| | Table 4 Anonymous human data | Requirement in relation to: Verifying the re-identification risk |
| Data security | | Data security issues with a focus on access control; measures to protect data from possible outsider attacks, as well as from re-identification attempts. |
| | Table 5 Requirements for getting access to data/biosamples | Requirement in relation to: Data Access Committee Approval; Research Ethics Committee Approval; Renew Consent; Anonymising data; Material Transfer Agreement |
| | Table 6 Requirements for linking and sharing restricted access data and open access data | Requirement in relation to: Different Access Tiers; Authentication/Authorization system; Audit trail; Secure data transfer (e.g. via encryption); Approval for the use/processing of data; Approval for redistribution/sharing; Identifying data/personal data should be stored separately; Limitation of use; Removal of data; Regular backup of database |
| Intellectual property and licences | | Requirements that need to be fulfilled to prevent the infringement of intellectual property rights within data bridges. |
| | Table 7 Overview of the IP requirements cluster | Requirement in relation to: Data and metadata encryption; Data access agreement; License agreement; Limited liability statement; Material transfer agreement; Non-disclosure agreement; Disposal of biological samples/material; Removal of identifying metadata; Temporary embargo of data sharing; User authentication; Data labelled as 'restricted'; Staff awareness |
| Security of biosamples | | Security issues concerning biobanking; measures that have to be taken to securely use and share biosamples. |
| | Table 8 Requirements concerning the security of biosamples | Requirement in relation to: Delete personal/identifying data; Renew consent; Get specific consent; Get broad consent; Get Research Ethics Committee approval; Approval from a relevant regulatory body/authority (concerning biobank research); Data Access request; Negotiate Material Transfer Agreement; Anonymisation of data; Approval from a relevant regulatory body/authority responsible for data transfer; Data Access request; Personal and Identifying data should be stored separately; Remove researchers’ personal data; Ask researcher to publish personal data |

  1. Five requirement clusters were created containing eight requirement tables connecting requirements with constraints and protection measures