When does data protection law apply and what does it cover?
The Data Protection Acts 1988-2018 are designed to protect people’s privacy. The legislation confers rights on individuals in relation to the privacy of their personal data as well as responsibilities on those persons holding and processing such data.
Data protection law covers most situations in which information about somebody (the ‘personal data’ of a ‘data subject’) is used in some way (‘processed’) by some other person or organisation (the ‘controller’), other than in a purely personal context.
Personal Data: Personal data means data relating to a person who is or can be identified either from the data itself or in conjunction with other information that is in, or is likely to come into, the possession of the Department. It covers any information that relates to an identified or identifiable living individual. These data can be held on computers or in manual files.
A ‘controller’ refers to a person, company, or other body that decides how and why a data subject’s personal data are processed. If two or more persons or entities decide how and why personal data are processed, they may be ‘joint controllers’, and they would both share responsibility for the data processing obligations.
A ‘processor’ refers to a person, company, or other body which processes personal data on behalf of a controller. They don’t decide how or why processing takes place, but instead carry out processing on the orders of a controller.
During various research studies and projects, INFANT collects Electroencephalography (EEGs), associated videos of patients, physiological monitoring data, biological samples, clinical and assessment data. This data is collected mainly within Cork University Maternity Hospital (CUMH), the INFANT Discovery Platform at Cork University Hospital Paediatric Academic Unit and the INFANT Space in the Brookfield Medical Sciences Complex. The data is analysed for the study it was collected for and is stored for future analysis in related projects/research questions as per the original consent obtained.
Following Good Clinical Practice (ICH-GCP E6 (R2) guidelines and ISO 14155:2020 all research data collected such as EEGs, videos and clinical data is pseudo-anonymised by stripping any patient identifiers and assigning unique study numbers.
INFANT stores data from previously conducted studies in a state of the art three layer storage systems that are monitored and secure.