Instructions for storage and processing of research data

• racial or ethnic origin
• political opinions, religious or philosophical beliefs
• trade union membership
• processing of genetic data
• biometric data for the purpose of uniquely identifying a natural person
• data concerning health (data concerning a person’s health is interpreted broadly, ranging from diagnoses to tests and test results for both physical and mental health)
• data concerning a natural person’s sex life or sexual orientation

*Pseudonymous data is data that can be attributed to the relevant person via an identification key. One way to pseudonymise data is to replace the civil registration number with a code and delete the name and the exact address. Pseudonymisation of data is subject to the data protection legislation (databeskyttelseslovgivningen).

• name
• address
• position
• type of employment
• email address
• telephone number and IP address
• gender
• age
• interests
• profiles
• credit information
• civil registration number (can refer to special categories of personal data, i.e. sensitive personal data)
• etc.

*Pseudonymous data is data that can be attributed to the relevant person via an identification key. One way to pseudonymise data is to replace the civil registration number with a code and delete the name and the exact address. Pseudonymisation of data is subject to the data protection legislation (databeskyttelseslovgivningen)

Processing certain types of primary material and/or data may be subject to contractual requirements and/or other legislation*. For instance:

• copyright data
• data on animals
• GMO data
• confidential data

*For instance: the ABS initiative, the Nagoya Protocol on Access to Genetic Resources, GMO for genetic resources and GMO notifications. 

All other types of data than those mentioned above, including anonymous data, are not subject to any restrictions.

During the research period

Aarhus University, represented by the responsible department head, must have access to and is entitled to use all primary research material and all data generated in research at the university, unless this is not possible due to specific  contractual obligations or relevant legislation (note that health legislation may include special obligations).

After publication

According to the FAIR Data Principles, after publication of the results, the underlying data set must be made accessible for re-use by researchers, PhD students or other staff at Aarhus University, as well as by third parties, unless such accessibility is in conflict with contractual requirements and/or legislation concerning e.g. personal data and copyright.

The decision to grant access to and/or permit re-use of data depends on the legal basis.

If you are in any doubt, please contact the Technology Transfer Office (TTO) at tto@au.dk. 

Access to personal data requires a special legal basis, both in connection with collection and use of data. Provided that access to personal data, including sensitive data, is legally possible and approved by the department head, such access requires either:

• permission for a new data controller to process the data, or
• a data processor agreement

Aarhus University must be informed of any sharing of personal data. More information.

If you have any questions about legal documents, please contact the Technology Transfer Office (TTO) at tto@au.dk.

Disclosure of personal data in the form of biological material, disclosure of personal data to third countries (countries outside the EU/EEA) or disclosure for the purpose of publishing personal data in journals etc. require prior approval from the Danish Data Protection Agency. More information.

Publication of anonymous data

Disclosure of information for publication in a given context with no attachment of personal data or the identification key (a number/code) to the personal data does not require prior permission from the Danish Data Protection Agency. This data will be considered anonymous in the given context.

In particular for Health

Inspectors, monitors and investigators must have full access to all databases in connection with inspection, monitoring and/or self-monitoring of clinical trials in accordance with the regulation on clinical trials (EU regulation 536/2014).

If you have any questions, please contact the Technology Transfer Office (TTO) at tto@au.dk. 

In accordance with the Policy for research integrity, freedom of research and responsible conduct of research at Aarhus University, research data must be stored for a period of at least five years, unless another statutory storage period applies with regard to the research project and data requires longer storage. 

Note that relevant legislation may be adjusted in collaboration agreements.

Research data may only be destroyed, anonymised and/or archived, see legislation on archiving, when the following 4 conditions are met:

1. When the storage period has expired
2. According to a decision by the department head
3. In accordance with the legal basis for collecting data
4. When digital data is delivered to The Danish National Archives (Rigsarkivet)

Storage of data 

The individual researcher is responsible for management and storage of research data at the Aarhus University storage facilities. 

Find information about the storage facilities at Aarhus University. 

If you have any questions about the storage facilities, please contact your local IT support.

Regarding storage of personal data

Personal data may only be stored for as long as is necessary and/or required by law.

In addition, data concerning health may be subject to special legislation that precedes the general legislation, e.g. the GCP rules (Good Clinical Practice) and the EU regulation on clinical trials, which – when the new rules come into force – will require storage of 25 years.

The individual researcher is responsible for documenting compliance with the requirements in accordance with data protection legislation.