The content on this page was updated in September 2021. Please note that we will be updating these pages continuously.
Pursuant to the General Data Protection Regulation (information duty), you must provide the participants (also referred to as the data subjects) in your research project with information about how you will be processing their personal data. AU has two templates that you can use to meet your information duty.
You can use these templates in situations in which your legal basis for processing personal data is that it is for 'scientific research purposes' (i.e. if you do not base your legal basis for processing on consent). Before processing personal data, you must determine whether Aarhus University is an independent data controller or a joint controller together with an external party.
You can find a guide to fill out the information duty in the template.
If you are to disclose personal data based on the legal basis for scientific research purposes, please note that special rules apply to obtaining a disclosure declaration or, in some cases, permission from Danish Data Protection Agency.
Personal data may be processed if the processing takes place exclusively for scientific or statistical purposes, and if the processing is necessary for the research.
Please note that scientific research purposes cannot be used as a legal basis for the processing of personal data in an educational context.
You may only disclose special categories (sensitive) of personal data with a view to publishing if you have received the Danish Data Protection Agency's approval to do so. Disclosure of general personal data with a view to publishing can take place if necessary, and the personal data is pseudonymised.