In Denmark, we have the data minimization principle. This means that processing, including storage of information, must be limited to what is necessary to fulfill the research purpose. As a researcher, however, you should be aware that this principle should not compromise the quality of research, and therefore it should be included as part of the dialogue with the data provider.
It is also important that your application is formulated clearly and precisely to give an overview of which data you require. This overview should also help to create an understanding of whether more than one approval is needed in your application process. Depending on your project, you may need several approvals – For example, if the project links data from several different registers together.
In addition, an inaccurate application may drag out the project, as you are required to correct your errors until the application can be approved. Therefore, you can advantageously spend extra time on your application and protocol in the start-up phase, in order to save time later in the process.
You can read more about both the obligation in relation to health data and the preparation of the application and protocol at the following links: (Please be aware that all links are in Danish).
Obligations related to data protection
Templates and help with application and protocol
The Good Process
It is important to consider the chronology of your application before embarking on the application process. The consideration ensures, that your time is utilized in the best possible way. It is not possible to obtain health data from the data providers if the necessary approvals are not in place. Therefore, you can advantageously start collecting approvals from the right authorities as soon as there is an overview of what data you need. In addition, you can simultaneously register the project with regional research records as well as submit your application for approval of the project with the ethics committees (VEK, NVK and VMK).
At The Guidance Function, we can assist you with first-level support. For instance, we can help you form an overview of the chronology and the considerations of your application process.
As a researcher, you must understand your role and the responsibilities you carry. The researcher is responsible for ensuring the correct completion of the application, and that the necessary approvals are in place. In addition, it must also be stated how data is to be processed, on which platform and not least, how data security is handled. Here, it is especially important that you familiarize yourself with the legislation in this area in order to store and use sensitive data in the correct maner.
Therefore, it is also important to understand how to distinguish between the role of data controller and data processor, as these entail different requirements and degrees of responsibility.
In brief, the data controller decides why and how the personal data is processed. A data processor, on the other hand, is the person who processes personal data on behalf of the data controller – i.e. following an instruction from the data controller.
To establish the necessary overview, we recommend that beside the protocol, you also prepare a data management plan, and a statistical analysis plan. Your regional research support function can assist you in preparing these. Please follow the link to the Danish Data Protection Agency, where you can read about correct data processing as well as a link to a description and division of the two above-mentioned roles: (Please be aware that all links are in Danish).
Help and instructions for protocol
Data processing and the different roles
Authorities & Processing Times
Depending on the research project, the approving authority differs. However, the research project must, as a starting point, always be approved by the institution responsible for data. Further approvals depend on the type of data you want access to, what purpose it is used for, whether the data is personally identifiable data, and lastly whether the use of data requires patient consent or not.
Please be aware that there are different processing times at the respective authorities depending on which service you need. At the Guidance Function, we can help find with information on processing times for the various data providers and authorities.
Read more on the Application, where you can also find useful links in relation to approval and processing times: (Please be aware that the links are in Danish).