Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Denmark: Datatilsynet issues guidance on data protection in connection with research projects

On July 14, 2023, the Danish data protection authority (Datatilsynet) published new guidance on processing personal data in the context of research. The guidance is mainly targeted at researchers with the aim of clarifying the data protection roles and obligations of different parties. In particular, the Datatilsynet noted that a party may have different data protection obligations depending on whether they are considered a data controller or a data processor in a research project. The Datatilsynet also explained that the level of control a party has over the collection and processing of data would determine the data protection role the party plays. 

In the guidance, the Datatilsynet gave examples of the data protection roles different parties would assume in various research scenarios. In particular, the guidance outlines the data protection obligations of: 

  • individuals carrying out research, including university students and supervisors; 
  • institutions involved in research, such as universities and hospitals; 
  • pharmaceutical companies involved in clinical studies; and  
  • institutions that sell and transfer research data. 

Furthermore, the guidance addresses disclosure in connection with research projects and the purchase of data and ordering services.   

You can read the press release here and the guidance here, both only available in Danish.