COMIRB and Contracts
Step One
General Data Protection Regulation (GDPR)
It's everyone's job to protect personal data.
If you determine that you will use personal data from the EEA, follow these steps. Send questions to
privacy@cuanschutz.edu.
Complete and submit the following paperwork to COMIRB:
- COMIRB Application
- Protocol (identify involved EEA organizations)
- Grant/Contract (if any)
Reference Material for review: COMIRB GDPR Guidance Document
SOP
Step Two
COMIRB or a member of the GDPR Committee will contact you to develop an SOP for managing and protecting your GDPR data. To ensure GDPR is followed, the SOP will specify how data will be transferred, stored, and used, who will have access, list the software services you will use, etc.
TRAINING
Step Three
CITI Training: After speaking with the Privacy office or COMIRB about your project, complete the first module (“GDPR Overview”) of the CITI “GDPR for Research and Higher Ed” course and send an email to privacy@cuanschutz.edu when completed.
APPROVAL
Step Four
The GDPR Committee will review the project and documentation. If approved, the PI will be asked to sign the SOP, COMIRB can complete their review, and any contractual agreements will be finalized.
Begin Work
Step Five
Remember that under GDPR any data related to a person, e.g.: name, email address, thoughts, opinions, and genetic information, EVEN data that has been de-identified must be properly protected and the person's rights (notice, access, and deletion) respected.