GHGA’s legal and data protection structure explained
One of the key areas of work for GHGA has been the development of a legal and data protection structure that ensures GHGA meets all its legal obligations with respect to data protection whilst facilitating straight-forward, but secure, data submission and access processes.
As we prepare to launch GHGA Archive, we have produced a white paper to describe both how our legal and data protection structure operates and how our obligations and ambitions have shaped our work.
In the first part of the paper we focus on defining the data types to be processed, the responsibilities that each of the parties in GHGA will have, and mapping these responsibilities to GDPR roles for the different data types. We then highlight the five additional ambitions that we sought to address through our legal and data protection structure:
- GHGA must be able to take in Research Data and Personal Metadata and store it securely at any of the GHGA Data Hubs.
- Only Non-Personal Metadata can be published freely on the GHGA Data Portal.
- Institutions operating GHGA Data Hubs must be able to share personal Administrative Data.
- Institutions not operating GHGA Data Hubs should only have access to certain types of personal Administrative Data.
- Data Controllers should only have to sign one contract to submit data to GHGA even though GHGA is not a legal entity.
We then move on to discuss the structure of the GHGA Consortium and the legal agreements that are used to govern those relationships. We also highlight the legal agreements required when submitting or accessing Research Data from GHGA.
Finally, we consider some of the documents relating to data protection that GHGA has developed and how they relate to the different data types we are processing and how the processes for data submission and access are implemented. The white paper concludes by returning to our five ambitions to ascertain whether the structure we have developed enables us to fulfil them.
Overall, the white paper highlights the work done by GHGA on legal and data protection aspects so far and demonstrates to stakeholders both how the Consortium operates but also our commitment to good practice and transparency.