Register a biobank or database for future research in which AU is data controller

Here, you can register a biobank or a database for future research in a specific scientific area in which AU is data controller.

Register a biobank or database for which AU is the data controller (PID: 1451063)

1. Introduction
To have your biobank/database registered in the AU record, we need information about you and your research purpose.

Please note that:

• It is your responsibility to ensure that the information is correct and in accordance with the actual circumstances.

• In some cases, you will have to elaborate on the information you give us. This will be stated on the form.

• Your registration is only submitted once you have completed all parts of the registration form and clicked 'submit'. You will then receive a copy of the registration at the email address you provided on the form.

• The biobank/database will not be registered until you have been assigned a serial number and received a confirmation letter.

• The confirmation letter is only documentation that your project has been included in the AU record. It is not an approval of your research.
2. Contact Person
3. Processing
You must provide an end date even if you do not know the exact date. This will enable us to help you follow up. It is important that you document in writing your assessment of any storage periods.
4. Personal data

Data subjects

When describing the number of people you are processing data about, indicate the exact number if you know it. Alternatively, you can describe the variables in your research project, e.g. all Danes between the ages of 18 and 25.

Types of personal data

5. Data sources and processing security
State the data sources in your research project. State where you collected the personal data.

Data sources

Security of processing

The measures you should take to protect personal data depend on the type of data in question, the numbers involved, and who you process data about. Example:
• Technical measures, such as storing the data on a secure server, encryption and pseudonymisation.
• Organisational measures, such as rights management and training.
6. Sharing
State here whether you need to share personal data with others who are not employees at AU. Remember that you must have an agreement with the party with whom you will be sharing personal data. The Technology Transfer Office ( can help you negotiate the agreement.

Please note that the sharing of personal data may require authorisation from the Danish Data Protection Agency. Find guidance at

If you are using a research machine, for example the research machine at Statistics Denmark, note that you are using a data processor for AU.


If you have ticked 'Yes' in question 17, remember that you must have a policy for disclosure in place, and you must update the AU record at appropriate intervals with an indication of who the personal data has been disclosed to. Read about your other obligations in connection with disclosure at
For example, you may be required to obtain permission from the Danish Data Protection Agency.

Data processor


Note that sharing personal data with a party outside the EU/EEA or an international organisation requires a basis for transfer and possibly authorisation from the Danish Data Protection Agency.

Shared data responsibility

7. Agreements
State the agreement number or submit a copy of the agreement if you are using a data processor or are part of a shared data responsibility.
8. Basis for processing
Processing personal data requires that you have a valid legal basis for processing the data (legal authority).