CoP Meeting 11 November 2022

Author: Maja Dolinar (Slovenian Social Science Data Archives (ADP)), Irena Vipavc Brvar (Slovenian Social Science Data Archives (ADP)), Francesco Vigna (UNIBO)

On November 11th, 2022, the RITrainPlus Community of Practice held a meeting centred around the topic of data compliance in research, specifically tailored for RI- and CF-managers. The meeting consisted of three 20-minute presentations from experts in the field, each focusing on a different aspect of data compliance.

The first presentation, given by Dr. Francesco Vigna, explored the challenges data managers face when reusing personal health data for research purposes. Dr. Vigna highlighted the trade-off between the necessity to share and re-use large amounts of data for AI systems and the principles of data protection law in Europe. The GDPR, which outlines regulations for personal data processing, presents a challenge for research organisations that need or want to re-use personal data for scientific research.

Dr. Vigna proposed that compliance with the GDPR can be facilitated through the use of certification mechanisms, which guide and certify compliance activities through a list of checks and controls. However, obtaining approval for a certification mechanism from a data protection authority is not an easy path, with only a few certification mechanisms approved so far. Nevertheless, certification schemes are becoming more popular, with examples emerging from different countries in the EU.

The second presentation, given by Dr. Noemi Conditi, evaluated different consent models for the processing of health data for scientific research. Dr. Conditi highlighted the differences between “consent to data processing” and “informed consent,” as well as different models that may be used for health data processing. Consent is an essential aspect of data compliance in research, and it is crucial to ensure that the participants are aware of how their data will be used and have given their informed consent for processing.

The third presentation, given by Dr. Pier Giorgio Chiara, focused on navigating complexity in cybersecurity compliance and cyber hygiene best practices. Dr. Chiara emphasised the disparate EU legal frameworks regulating cybersecurity and the importance of resilience against prime cyber threats. He also defined “cyber hygiene” as a set of best practices for individuals and organisations to reduce the risk of cyber threats.

Overall, the meeting provided a comprehensive overview of the challenges and opportunities associated with data compliance in research. The speakers highlighted different tools, mechanisms, and practices that can be used to navigate the complexity of data compliance in research, including certification mechanisms, consent models, and cyber hygiene best practices. The meeting ended with a discussion among participants, emphasising the importance of stakeholder involvement in the functioning of these instruments and their application in order to face complexities in reaching compliance with data protection law.

The RItrainPlus CoP provides a forum for discussion about relevant issues and opportunities for knowledge and best practices sharing through a peer learning approach that would support research infrastructures (RIs) and core facilities (CFs) in their specific managerial and operational challenges. The CoP offers new community meetings every two months, and by signing up, you will be able to access the meeting recordings and materials. This is a great opportunity to learn from experienced professionals and stay up-to-date with the latest best practices in the research infrastructure landscape. Sign up to the RITrainPlus CoP!

Data, Privacy and Research