Register a biobank or database for future research in which AU is data controller

Here, you can register a biobank or a database for future research in a specific scientific area in which AU is data controller.

Guide

Here you can find a written guide on how to register a biobank or database via the notification form.

Instructions

Here you can find a copy of the instructions you receive after registration.

1. Introduction

To have your biobank/database registered in the AU record, we need information about you and your research purpose.

Please note that:

• It is your responsibility to ensure that the information is correct and in accordance with the actual circumstances.

• In some cases, you will have to elaborate on the information you give us. This will be stated on the form.

• Your registration is only submitted once you have completed all parts of the registration form and clicked 'submit'. You will then receive a copy of the registration at the email address you provided on the form.

• The biobank/database will not be registered until you have been assigned a serial number and received a confirmation letter.

• The confirmation letter is only documentation that your project has been included in the AU record. It is not an approval of your research.

2. Contact Person

1. AU ID of contact person (AUXXXXXX)*

2. Name of contact person*

3. AU email address of contact person*

4. Faculty/unit*

5. Department/school/centre*

6. Internal file no./reference (e.g. local project number, Statistics Denmark project no. etc.)

3. Processing

7. What would you like to register?*

A biobank (wet data and possibly derived dry data)

A database (dry data)

8. Title (name) of biobank or database*

9. Purpose of biobank or database*

10. Enter the start date for the processing of personal data*

11. Enter the expected end date for the processing personal data*

You must provide an end date even if you do not know the exact date. This will enable us to help you follow up. It is important that you document in writing your assessment of any storage periods.

5. Data sources and processing security

State the data sources in your research project. State where you collected the personal data.

Data sources

15. What data sources are you using?*

From the data subject (the person whose data is processed)

From the data subject and other sources (elaborate in question 15a below)

From sources other than the data subject (elaborate in question 15a below)

15a Elaborate

Security of processing

The measures you should take to protect personal data depend on the type of data in question, the numbers involved, and who you process data about. Example:
• Technical measures, such as storing the data on a secure server, encryption and pseudonymisation.
• Organisational measures, such as rights management and training.

16. What measures have you taken/are you planning to take to protect the personal data?*

6. Sharing

State here whether you need to share personal data with others who are not employees at AU. Remember that you must have an agreement with the party with whom you will be sharing personal data. The Technology Transfer Office (tto@au.dk) can help you negotiate the agreement.

Please note that the sharing of personal data may require authorisation from the Danish Data Protection Agency. Find guidance at www.au.dk/gdpr/research

If you are using a research machine, for example the research machine at Statistics Denmark, note that you are using a data processor for AU.

Disclosure

17. Will personal data from the biobank or database be disclosed to other independent data controllers?*

Yes, other research institutions will be able to use the data for their research

No, the data will only be used for research at AU

If you have ticked 'Yes' in question 17, remember that you must have a policy for disclosure in place, and you must update the AU record at appropriate intervals with an indication of who the personal data has been disclosed to. Read about your other obligations in connection with disclosure at www.au.dk/gdpr/research.
For example, you may be required to obtain permission from the Danish Data Protection Agency.

Data processor

18. Do you need a data processor?*

Yes (elaborate in question 18a)

No (proceed to question 19)

18a. Elaborate

Transfer

19. Will you be sharing personal data with someone outside the EU/EEA or an international organisation?*

Yes (elaborate in question 19a.)

No (proceed to question 20)

Note that sharing personal data with a party outside the EU/EEA or an international organisation requires a basis for transfer and possibly authorisation from the Danish Data Protection Agency.

19a. Elaborate

Shared data responsibility

20. Is AU part of a shared data responsibility?*

Yes (elaborate in question 20a.)

No (go to the next tab)

20a. Elaborate

7. Agreements

State the agreement number or submit a copy of the agreement if you are using a data processor or are part of a shared data responsibility.

21. State the agreement number (or submit the agreement in question 22)

22. Submit documentation

8. Basis for processing

Processing personal data requires that you have a valid legal basis for processing the data (legal authority).

23. On what legal basis are you processing personal data?*

Specific research purpose (section 10 of the Danish Data Protection Act with Article 6(1)(e) and Article 9(2)(j) of the General Data Protection Regulation, or Article 6(1)(e) of the General Data Protection Regulation.

Valid consent to data processing given by the data subject under data protection law (Article 6(1)(a) and/or Article 9(2)(a) with Article 6(1)(a) of the General Data Protection Regulation).

Other (elaborate in question 23a below)

23a. Elaborate

24. I am not a robot*

Don't fill this field!