Health Research Data Protection Network

The Irish Health Research Data Protection Network agreed on Version 1 of a Practical Guide on Data Protection for Health Researchers on the 18 December 2020.

This document gives a good insight into the interpretation and application of data protection legislation by a group of data protection officers (DPOs) in research performing organisations (RPOs), typically academic institutions, in the Republic of Ireland at a point in time.

Please be advised: -

  1. This practical guide is not a legal document.
  2. It pre-dates the amendments to the Health Research Regulations which took effect on the 21st January 2021.
  3. It pre-dates all publicatons from the European Data Protection Board and the HSE National Office for Research and Development in 2021, and 2022.


Useful quotes from this guide include:

  • "Control, rather than possession, of Personal Data is the key factor in determining who the Data Controller is."
  • "If a Clinical Investigator has a dual research affiliation with a Hospital and an academic organisation, for each research project the Clinical Investigator is required to stipulate the organisation which he/she would like to assume the Data Controller role for the research. The acceptance of the role is subject to acceptance, in accordance with the chosen organisation's approval procedure."