Data protection and privacy for individuals is the right to privacy and the right to decide on your own personal data. GDPR Article 30 strengthens the requirements for overview and control. UiB has a legal responsibility to safeguard the privacy of employees, students, and research participants. In order to meet this responsibility, RETTE is now being implemented to ensure compliance with and increased competence for key legislation in research and education.
RETTE stands for risk and compliance (Risiko og ETTErlevelse ) in research projects, and is UiB’s system for monitoring and control of the processing of personal data in research and student projects. The system will also have an overview and control of tasks and projects related to quality assurance of patient care and teaching, and projects related to learning analysis purposes.
RETTE will be available for registration of information on projects that process personal data at UiB from October. The Faculty of Medicine is the faculty that first gains access to the RETTE. Registration, follow-up and confirmation of projects will be carried out in the administrative line with RETTE arranging for responsibility for confirmation from the project manager, the department management, and the faculty management on their project portfolio.
RETTE aims to increase the competence in the privacy rights for students and staff, and should be a tool for the institutes at UiB so that they can be sure that personal data is processed in accordance with current legislation.
In practical terms, RETTE is a website linked to UiB.no/personvernportalen where no installation or special technical skills are required to use the system. The system consists of a registration module for students and staff, and an admin module for the use of institutes, faculties and management.
There are role-based approaches in RETTE, and the Dean and Head of Department designate and select faculty and department heads for RETTE within the system. At K2, it is research leader Silke Appel who will be operationally responsible for monitoring projects in RETTE.
Health research projects must first seek REK. Approved projects are then transferred to RETTE from Cristin, and researchers will be told to provide supplementary information in the RETTE. Projects requiring exemption from the duty of confidentiality must first seek REK, and follow the procedure in RETTE. Completing the form in RETTE is stated to take approx. 10 minutes. For more information, see https://www.uib.no/personvern.
It is great that UiB takes the Privacy Act and GDPR seriously. RETTE seems to be a tool that is practical and useful for the purpose.
Happy fall holidays!
Pål Rasmus Njølstad