On this page you will find extracts from the guidelines and other relevant information for projects that will process personal data. The guidelines can be read in their entirety by clicking on the link below. The guidelines must be seen in the context of the Framework for the processing of personal data in VID (in Norwegian).
Roles and responsibilities
The project manager is responsible for ensuring that privacy is safeguarded in each individual project. In student theses, the appointed supervisor is the project manager.
Project team members and students have a duty of confidentiality, must safeguard the privacy of participants, and must carry out the project in accordance with the assessment from Sikt and, if applicable, the approval from REK. Project team members and students must complete the necessary training in privacy and information security before processing personal data in the project.
Requirements for the processing of personal data in the research project
All research and student projects that process personal data must be notified to Sikt, at least 30 days before planned data collection. Click on the boxes below to read more about the requirements for projects that process personal data.
Completion of the project
Personal data must not be stored longer than necessary to achieve the purpose of the project.
Archiving
If personal data will be stored after the end of the project, information must be given to the participants, in the notification form to Sikt, and, if applicable, in the application to REK. The project manager must explain the purpose of further storage, which societal interests can be safeguarded, and any disadvantages for the participants. The data must be stored in accordance with VID’s guidelines. Assessment from Sikt or REK will normally specify how long data can be saved.
Breaches
Anyone who discovers a discrepancy must immediately notify their immediate manager. The person who discovers the discrepancy, or the immediate manager, must report to the Pro-Rector for Research and the Data Protection Officer. The Data Protection Officer assesses whether the deviation should be reported to the Norwegian Data Protection Authority. See handling of breaches in the Framework for the processing of personal data at VID (in Norwegian) and the guidelines for handling breaches (in Norwegian).
Agreement templates for research projects
Here you will find relevant templates for your research project and information about the different templates.
Do you need help?
Do you have questions about privacy in research, do you need help with a data processing agreement, or are you wondering where you can store your research data? Contact us at forskningsdatahandtering@vid.no. VID's data protection officer can be contacted at: personvernombud@vid.no.