6.1 Set-up and content of the training

Who and when?

To ensure protection of personal data and IPR, training procedures must be in place and provided prior to any data access. Training material and procedures can be created by the organisation providing the training or possibly bought from the data provider’s Support Services. Training must be given to analysts, video annotators, those responsible for the database, visiting researchers and all other staff handling, analysing or looking at personal or IPR data. Even persons to whom data are shown (during a demonstration, for example) must be informed about relevant data protection and IPR issues beforehand. 

What?

The training needs to cover the following topics (the level of detail can be adapted to target audience’s needs):

Table 17: Data protection topics to address in training

TopicDescription
Description of the data with special focus on personal data and IPR – What are personal data, in general and in this specific context?
– What are intellectual property rights, in general and in this specific context?
– What data are collected with (for example) video, questionnaires or GPS tracks?
– Information about data ownership and access rights for partners/third parties.
Data-handling requirements originating from national and other applicable laws, regulations, and rules.Personal data must be:
– processed fairly and lawfully,
– obtained for specified and lawful purposes,
– adequate, relevant and not excessive,
– accurate and up-to-date,
– not kept any longer than necessary,
– processed in accordance with the participants’ rights and acceptance,
– securely kept, and
– not transferred to any other country without adequate protection in situ.
Explanation of the consent form content, especially the specific active consents related to data sharing (voluntariness, comprehension and disclosure): – How should the study participant be informed about data collection, purpose, handling, storage, and access – including re-use after the project ends?
– What is included/excluded in the participant’s consent? (For example, participants give their consent to collect videos for analysis purposes and to video of them being shown in conference presentations).
Data-handling procedures – Practical rules and procedures for data access (rooms and workspaces with limited access, personalized keys, password protection)
– Data structure
– How the data are anonymised, pseudo-identified and/or encrypted
– How the data are accessed, in order to (for example) perform analysis
– The contact persons for different procedures including the data protection responsible
– Whom to inform in case of deviations.
– Information about publication rights.

How? It is recommended that a personal training session be organised to answer questions and make sure that all staff members know their responsibilities. Online courses might be helpful to provide additional valuable information, but they are not considered sufficient on their own as they cannot cover local implementation of the security precautions. A basic understanding of three principles essential to the ethical conduct of research with humans: respect, beneficence and justice.