HomeUse casesSensitive research data: Data controller makes data available for reuse
Use Case | 24.2.2025

Sensitive research data: Data controller makes data available for reuse

We are working in an academic organization that acts as a data controller for the datasets researchers publish in the Finnish Federated EGA (FEGA). We want to enable the reuse of these datasets while controlling who gets access to the data and ensuring the data is made available only in a secure environment.

First, we need to ensure the necessary legal agreements are in place between our organization and CSC. To enable data reuse, we need to form a Data Access Committee (DAC) for our organization’s datasets, and define agreements and processes for data reuse.

For managing access to datasets, we can use the following service:

  • SD Apply for processing access requests

Please be aware that this process can be lengthy, but we will support you at every step.

1

Establish legal agreements

Depositing data to the Finnish Federated EGA (FEGA) requires a Service Agreement between the data controller and CSC. Contact CSC to initiate the legal process. Once the agreements are in place, they cover future FEGA submissions.

Legal agreements, Data Access Committee and Policies (Docs) CSC Service Desk
2

Form a Data Access Committee

The data controller needs to designate a Data Access Committee (DAC) for the datasets stored in the FEGA service. DAC is a group of individuals who are responsible for reviewing data access requests from researchers who are interested in using the data in their own research. Based on the applications, the DAC decides whether to grant access to the data or not. Aim to form a general DAC that can oversee access to any datasets for which your organization is the data controller.

Form a DAC (Docs)
3

Define policies and processes for data reuse

Together with the legal department, define the conditions and necessary information needed for accessing the data. Policies should include a Data Access Agreement (DAA), in which the data controller specifies conditions and restrictions for data reuse, as well as a Data Transfer Agreement (DTA). Define what kind of information researchers who want to access the data should provide and plan how the data access requests will be processed.

Legal agreements, Data Access Committee and Policies (Docs)
4

Add datasets and data use conditions to SD Apply

Add the dataset to SD Apply service together with the necessary data access policies, dataset identifier, and an application form. You can add the relevant DUO codes to the dataset to indicate the conditions under which the data can be reused. All the organizations datasets need to be connected to the DAC who will handle the access requests. CSC will help you to add the information to the SD Apply service.

Adding datasets to SD Apply (Docs)
5

Process access requests

SD Apply facilitates the communication between a data applicant and the DAC. When someone applies access to your organization’s dataset, you get an email notification of the access request. You can approve or reject the access request in SD Apply based on the information the researcher has provided on the application form. When you approve a request, the applicant can automatically access the data in the secure cloud computing environment, SD Desktop.

Process access requests (Docs)

Images: CSC, Google Fonts