I wonder if any work has been conducted regarding dataSHIELD and the GDPR. More concretely, has any work been done to demonstrate/argue that the dataSHIELD client portal does not handle any personal data? It matters if a party (such as the org managing the portal) is a data processor, as that status may require legal agreements.
It is not that formal ask you probably mean, but at least we now have statement from our local data protection manager (University Medical Center in Freiburg, Germany) that we can use DataSHIELD for routine data under GDPR.
Hi Daniela,
I am at the University of Copenhagen and we are right now working on a GDPR risk assessment with our legal team in relation to working at DataSHIELD. Would it possible for you to send me your statement for inspiration?
Best wishes,
Luise
Hi Louise.
Did you finalize your legal team clarification in 2020?
We have a project with similar risk analysis needs and we are also from Copenhagen area (Region H legal team - DataSHIELD use in medical context)