Closed NixBio closed 3 years ago
Discussed at DUO call on May 19th 2021: This term is not in scope for DUO and we have talked to the Data Access Committee Review Standard (DACReS) group which will handle it; eventually the DACReS/REWS will have guidance for data access we can point to. cc @solideoglori
Due to GDPR in Europe the DAC (EGA: DATA Access Committee) should validate if the data requester/requesting institution has certain IT-security measures in place.
Therefore we have to make sure that the following measures apply e.g.:
One could define a DUO term: GDPR compliance requested. The requester institution does not necessarily have to have an official certificate, but as long as it fulfills the requirements, access could be granted, given, respective contracts are in place. (We use this contract: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32004D0915&from=EN)
Thanks for considering my request for discussion. Kind Regards Nick