EBISPOT / DUO

Ontology for consent codes and data use requirements
Other
64 stars 15 forks source link

DUO for IT-Security requirments at requesters site #111

Closed NixBio closed 3 years ago

NixBio commented 3 years ago

Due to GDPR in Europe the DAC (EGA: DATA Access Committee) should validate if the data requester/requesting institution has certain IT-security measures in place.

Therefore we have to make sure that the following measures apply e.g.:

One could define a DUO term: GDPR compliance requested. The requester institution does not necessarily have to have an official certificate, but as long as it fulfills the requirements, access could be granted, given, respective contracts are in place. (We use this contract: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32004D0915&from=EN)

Thanks for considering my request for discussion. Kind Regards Nick

mcourtot commented 3 years ago

Discussed at DUO call on May 19th 2021: This term is not in scope for DUO and we have talked to the Data Access Committee Review Standard (DACReS) group which will handle it; eventually the DACReS/REWS will have guidance for data access we can point to. cc @solideoglori