DAISY: A Data Information System for accountability under the General Data Protection Regulation

Abstract Background The new European legislation on data protection, namely, the General Data Protection Regulation (GDPR), has introduced comprehensive requirements for the documentation about the processing of personal data as well as informing the data subjects of its use. GDPR’s accountability principle requires institutions, projects, and data hubs to document their data processings and demonstrate compliance with the GDPR. In response to this requirement, we see the emergence of commercial data-mapping tools, and institutions creating GDPR data register with such tools. One shortcoming of this approach is the genericity of tools, and their process-based model not capturing the project-based, collaborative nature of data processing in biomedical research. Findings We have developed a software tool to allow research institutions to comply with the GDPR accountability requirement and map the sometimes very complex data flows in biomedical research. By analysing the transparency and record-keeping obligations of each GDPR principle, we observe that our tool effectively meets the accountability requirement. Conclusions The GDPR is bringing data protection to center stage in research data management, necessitating dedicated tools, personnel, and processes. Our tool, DAISY, is tailored specifically for biomedical research and can help institutions in tackling the documentation challenge brought about by the GDPR. DAISY is made available as a free and open source tool on Github. DAISY is actively being used at the Luxembourg Centre for Systems Biomedicine and the ELIXIR-Luxembourg data hub.

[1]  Xiaoqian Jiang,et al.  Protecting genomic data analytics in the cloud: state of the art and opportunities , 2016, BMC Medical Genomics.

[2]  Johannes J M van Delden,et al.  Revised CIOMS International Ethical Guidelines for Health-Related Research Involving Humans. , 2017, JAMA.

[3]  Michelle Giglio,et al.  Human Disease Ontology 2018 update: classification, content and workflow expansion , 2018, Nucleic Acids Res..

[4]  Ivar Jacobson,et al.  The unified modeling language reference manual , 2010 .

[5]  Matthew H. Brush,et al.  The Resource Identification Initiative: A cultural shift in publishing , 2015, F1000Research.

[6]  E. V. Nuttall ACT , 1986 .

[7]  M. Bobrow,et al.  Data storage and DNA banking for biomedical research: technical, social and ethical issues , 2003, European Journal of Human Genetics.

[8]  Resource Identification Initiative Members The Resource Identification Initiative: A cultural shift in publishing , 2015 .

[9]  Damian Smedley,et al.  The Human Phenotype Ontology project: linking molecular biology and disease through phenotype data , 2014, Nucleic Acids Res..

[10]  Jordi Rambla De Argila,et al.  Consent Codes: Upholding Standard Data Use Conditions , 2016, PLoS genetics.

[11]  Timothy Clark,et al.  The FAIR Guiding Principles for scientific data management and stewardship (vol 15, 160018, 2016) , 2019 .

[12]  Gauthier Chassang,et al.  The impact of the EU general data protection regulation on scientific research , 2017, Ecancermedicalscience.

[13]  Christiane,et al.  World Medical Association Declaration of Helsinki: ethical principles for medical research involving human subjects. , 2004, Journal international de bioethique = International journal of bioethics.

[14]  Silvio C. E. Tosatto,et al.  Tools and data services registry: a community effort to document bioinformatics resources , 2015, Nucleic Acids Res..

[15]  Berthold Koletzko,et al.  The European Nutrigenomics Organisation , 2009, Lifestyle Genomics.

[16]  Michael Morrison,et al.  The European General Data Protection Regulation: challenges and considerations for iPSC researchers and biobanks , 2017, Regenerative medicine.

[17]  David Townend,et al.  Conclusion: harmonisation in genomic and health data sharing for research: an impossible dream? , 2018, Human Genetics.

[18]  Pascal Borry,et al.  Rules for processing genetic data for research purposes in view of the new EU General Data Protection Regulation , 2018, European Journal of Human Genetics.

[19]  Wolzt,et al.  World Medical Association Declaration of Helsinki: ethical principles for medical research involving human subjects. , 2003, The Journal of the American College of Dentists.

[20]  Ivar Jacobson,et al.  Unified Modeling Language Reference Manual, The (2nd Edition) , 2004 .

[21]  Eugene Tseytlin,et al.  EDDA Study Designs Taxonomy (version 2.0) , 2016 .

[22]  Paul Denny,et al.  Genenames.org: the HGNC and VGNC resources in 2019 , 2018, Nucleic Acids Res..

[23]  Maryann E Martone,et al.  The Resource Identification Initiative: A cultural shift in publishing , 2015, F1000Research.

[24]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[25]  Data storage and DNA banking for biomedical research: technical, social and ethical issues , 2003, European Journal of Human Genetics.

[26]  Edward S. Dove,et al.  The EU General Data Protection Regulation: Implications for International Scientific Research in the Digital Era , 2018 .

[27]  Carey G. Smoak,et al.  The use of checksums to ensure data integrity in the healthcare industry , 2012 .