skip to primary navigation skip to content
Home
Home / School of Clinical Medicine / Research and Information Governance / Information Governance / Data Transfer Agreements

Information Governance

Research and Information Governance

School of Clinical Medicine

Data Transfer Agreements

Guidance on requirements for Data Transfer Agreements

To comply with information governance a Data Transfer Agreement needs to be in place to cover the transfer of data sets between establishments. We would normally expect only anonymised data to be transferred

Data Transfer Agreement

Agreement established between organisations that governs the transfer of one or more data sets from the owner/provider to a third party.

This guidance sets out the Clinical School procedures that govern the transfer, both outgoing and incoming, of data sets between the Clinical School and a recipient organisation.

Incoming data transfers

DTAs received by researchers from external parties for incoming data sets MUST be reviewed by a member of the contracts team in the Research Office BEFORE the data is transferred as terms need to be checked carefully against any applicable funding terms

Outgoing data transfers

A DTA must be put in place by a member of the contracts team in the Research Office before data is transferred

To ensure that this is done as efficiently as possible researchers should supply the following information

Outgoing transfers

  • Recipient institution, name and address
  • Recipient scientist’s name
  • Transferring researcher’s name
  • Copy of the consent form, PIS and ethics approval letter for the study under which the data was collected
  • Description of the data to be transferred
  • A lay summary of the use of the data
  • Funding details for the research which originally generated the data, including the RG number of the grant if available
  • If any identifiable data is involved, details about the ”safe haven” arrangements at the institution receiving the data

Incoming transfers

  • Transferring institution, name and address
  • Transferring Scientist’s name/department
  • Recipient researcher’s name
  • Description of the data to be transferred
  • A lay summary of the use of the data
  • Funding details for the research requiring the data, including the RG number of the grant if available
  • If you are receiving identifiable data, detailed information about the secure data storage arrangements

Identifiable data samples

Whenever possible it is good practice for research to be conducted on coded or completely anonymised data. In the event that identifiable information is requested by third parties or collaborators it should be ensured that any duty of confidence is not be breached. The terms of the original consent should be checked to see whether the proposed use by third parties is covered and if not, then consent should be sought if necessary. It should be stressed that personal identifiable data should not be passed on unless consent is in place and the storage area is secure

Sending data outside the EEA

The eighth Data Protection Principle (see Data Protection Act Overview) requires that personal data must not be transferred outside the European Economic Area (the European Union member states plus Iceland, Norway and Liechtenstein), unless the country or territory to which the data are to be transferred provides an adequate level of protection for personal data. One of the exemptions for this is if you have appropriate consent. It is therefore important that you have made clear in your participant information sheet and consent form that data may be sent outside the UK or the EEA.

Athena SWAN

Athena SWAN Silver award logo

Research Governance Office

Email: researchgovernance@medschl.cam.ac.uk
Telephone: 01223 769291 and 01223 335745

Study at Cambridge

About the University

Research at Cambridge