Institutional Culture on POPD
Institutional Culture on Protection of Personal Data – An encompassing approach
Conference
Format: Poster
Topic: Open Science & Responsible Research & Innovation
Session: 📋 Poster Session
Tuesday 25 April 10:15 a.m. - 11:45 a.m. (UTC)
Abstract
Protection of personal data (POPD) is a building block of research institutions, especially in those focused on biomedical research. Centres must guarantee the study participants’ privacy, as we are managing the people’s most sensitive information. Researchers require continued and expert advice to manage their projects ‘needs in terms of personal data protection.
At ISGlobal, we understand personal data protection as a core element for reputation and compliance that matters to the whole institution.
Our final aim is to create an institutional culture towards personal data protection. This is mainly achieved thanks to:
1) an encompassing approach of POPD, going beyond the regulation,
Our approach goes beyond the regulation and conceives POPD intimately linked to the ethical and open science implications of the projects. Therefore, it is analysed from this broader perspective rather than an isolated issue.
2) the implication of different profiles and areas on the institution,
For that, in 2017, we established an internal working group composed by the Research Manager, who was appointed as Data Protection Officer in 2018, the Legal Manager, the IT Manager and members representing the areas of HR, Communication, Statistics, Training and Purchasing. This working group together with the support of external advisors is responsible for the implementation of the GDPR and the Spanish law on personal data protection and the follow-up of our internal policy on POPD.
3) a reporting system that includes the Direction and Scientific Committees, the Compliance Committee and the Administration,
The members of the working group listed above participate in several governing bodies of the institution, linking the POPD requirements to the institutional, scientific, compliance and administration policies and procedures.
4) the implementation of several activities and actions,
Highlighting: i) a continuous support to researchers and their teams on any matter related to POPD, ii) continuous training and debate activities, both general seminars and targeted courses responding to the projects’ characteristics, iii) the implementation of external assessments and audits, which identify new areas of improvement, and iv) the preparation of specific material (leaflets and videos), and tools to facilitate POPD management (incidences reporting system, templates - DPIA, informed consent form, protocols, etc.).