Skip to main content

Table 2 Requirement clusters

From: Legal assessment tool (LAT): an interactive tool to address privacy and data protection issues for data sharing

Name of cluster

Requirement tables


Data protection/privacy


General data protection requirements applicable to data bridges; conditions, which must be fulfilled in order to legally process personal data.


Table 1 Requirements for animal data and other data

Requirement in relation to:

• Deletion of personal data.

• Anonymising of personal data.

• Obtaining consent from the research subject / researcher


Table 2 Potential identification risk for human research subjects

Requirement in relation to:

• Removing metadata

• Removing data on an image

• Altering the image

• Link between biosamples and data has to be protected.

• Identification risk has to be checked after data merging

• Re-identification risk based on genetic data.


Table 3 Pseudonymous human data

Requirement in relation to:

• Obtaining informed consent from the research subject

• Checking current Informed consent.

• Right to be informed


Table 4 Anonymous human data

Requirement in relation to:

• Verifying the re-identification risk

Data security


Data security issues with a focus on access control; measures to protect data from possible outsider attacks, as well as from re-identification attempts


Table 5 Requirements for getting access to data/biosamples

Requirement in relation to:

• Data Access Committee Approval

• Research Ethics Committee Approval

• Renew Consent

• Anonymising data

• Material Transfer Agreement


Table 6 Requirements for linking and sharing restricted access data and open access data

Requirement in relation to:

• Different Access Tiers

• Authentication/Authorization system

• Audit trail

• Secure data transfer (e.g. via encryption)

• Approval for the use/processing of data

• Approval for redistribution/sharing

• Identifying data/personal data should be stored separately

• Limitation of use

• Removal of data

• Regular backup of database

Intellectual property and licences


Prevention of the infringement of intellectual property rights needs to be fulfilled in order to protect intellectual property rights within data bridges


Table 7 Overview of the IP requirements cluster

Requirement in relation to:

• Data and metadata encryption

• Data access agreement

• License agreement

• Limited liability statement

• Material transfer agreement

• Non-disclosure agreement

• Disposal of biological samples/material

• Removal of identifying metadata

• Temporary embargo of data sharing

• User authentication

• Data labelled as 'restricted'

• Staff awareness

Security of biosamples


Security issues concerning biobanking, measures that have to be taken to securely use and share biosamples


Table 8 Requirements concerning the security of biosamples

Requirement in relation to:

• Delete personal/identifying data

• Renew consent

• Get specific consent

• Get broad consent

• Get Research Ethics Committee approval

• Approval from a relevant regulatory body/authority (concerning biobank research)

• Data Access request

• Negotiate Material Transfer Agreement

• Anonymisation of data

• Approval from a relevant regulatory body/authority responsible for data transfer

• Data Access request

• Personal and Identifying data should be stored separately

• Remove researchers’ personal data

• Ask researcher to publish personal data

  1. Five requirement clusters were created containing eight requirement tables connecting requirements with constraints and protection measures