Data protection

Data set reference and name


Data are the “raw materials” with which an evaluation is built. Evaluation data are systematically collected information relevant to the project that will be used in assessing objectives of the program.


Evaluation data can come from the content of surveys, questionnaires and interviews, tallies from logs, information from scales and self-assessments. Data collection itself involves administering instruments as well as gathering and organizing responses and measures for analysis.


Data set description


To achieve the objectives of the program there is a need of two types of data.



TYPE1: Data without references to human subject


An Authentication and Authorisation infrastructure will be built to control and protect the project data repository.



TYPE 2: Personal data and privacy issues


Data privacy refers to the standards surrounding the protection of personal data. Personal data can be defined as any information relating to a research subject, which can lead to the identification, either directly or indirectly, of that subject. Evaluation data with reference to personal information which make a unambiguous assignment of a person possible such as: First and last name, Full birthday (Month, Day, Year) , E-Mail Address, Telephone number or other identifier Ex: Insurance number, National number, etc. , are to be protected and must get their commitment prior to collection.


Standards and metadata


Referring to ICH Guideline for Good Clinical Practice (GCP) states, “The confidentiality of records that could identify personal data should be protected, respecting the privacy and confidentiality rules in accordance with applicable regulatory requirement(s).”


Privacy protection afforded to research subjects include:


  • Right to informed consent
  • Right of the individual to withdraw consent
  • Right to notice of disclosure
  • Confidential collection and submission of data


Minimum Standards


  • Education of all personnel who directly or indirectly handle personally identifiable data
  • Designing of data collection instruments with the minimum subject identifiers needed including the design of survey, databases, data transfer specifications and any other area of data collection that may contain personal information.
  • If identified, anonyms or otherwise address documentation submitted to data management that contains any additional subject identifiers other than those used to link the documentation to a database record.
  • Ensure ongoing review and updating of data management processes to ensure consistency.


Methods for protection and confidentiality of identifier:


1. Anonymisation 


Irrevocable anonymisation of personal data puts it outside data protection requirements as the data can no longer be linked to an individual and therefore cannot be considered to be personal data. Ideally such anonymisation of data for research purposes should be an automatic process performed as patient data is processed through IT or manual systems, whichever is the case. Where personal data is anonymised, there is no need from a data protection perspective to seek the consent of human subject for the use of the data for research purposes.


2. Pseudonymisation


Equally, it is recognised that the need to link episodes of care and prevent duplication of data in research, in some instances, requires that information may need to be capable of being matched or linked. This can be achieved through appropriate pseudonymisation (e.g., use of initials, coding) methods without the need to retain all identifying characteristics with the data.
Where sufficient measures are put in place to ensure that personal data is not accessible or likely to be identifiable by parties external to the data controller.