Beaumont Hospital Data Protection Impact Assessment for Research and Clinical Trials, revised August 2021

The Beaumont Hospital Deputy Data Protection Officer (DDPO) released a revised DPIA for Research and Clinical Trials on the 18 August 2021 (V6.0)

This replaces version 5.0, January 2021.

A DPIA is required if at least two of these 10 criteria are reached:
  1. Evaluation or scoring- especially to do with someone's work performance or health e.g. a biotechnology firm offering genetic testing to customers in order to predict disease/health risks;
  2. Automated-decision making with legal or similar effect - the processing may lead to discrimination or exclusion;
  3. Systematic monitoring - e.g. cctv in a public space;
  4. Sensitive Data- e.g. health data, genetic data and all article 9 special categories of data;
  5. Data Processing on a large scale;
  6. Datasets that have been matched or combined;
  7. Data concerning vulnerable data subjects - power imbalance between data controller and data subject e.g. patients,children, the elderly, employees, persons with disabilities;
  8. Innovative use or applying technological or organisational solutions - e.g. fingerprint or facial recognition;
  9. Data transfer outside the EU;
  10. Where the processing itself prevents a data subject from accessing a service- e.g. credit screening by banks to decide whether to give someone a loan.

In terms of health research, criteria 4 & 7 nearly always apply, and sometimes 1,5 & 9 also.

Beaumont Hospital

As a result,

a DPIA is required in respect of all research and clinical trials taking place in Beaumont Hospital which involve the processing of personal data for health research.

  • Researchers applying for local research ethics committee approval from the local research ethics committee in Beaumont Hospital submit the DPIA to the Beaumont Hospital Ethics (Medical Research) Committee as part of the submission process -

North Dublin Mental Health Services

Aislin Centre (acute psychiatry in-patient unit located on the Beaumont Hospital Campus and operated by the HSE)

Please note that if you are conducting a research study in the HSE North Dublin Mental Health Services, that a template Data Protection Impact Assessment for Research is being drafted by the HSE Research and Development Department - see website notice here. The HSE Data Protection Officer is the relevant DPO for research taking place in the Aislin Centre (i.e. not the Beaumont Hospital DPO), and the HSE Data Protection Officer and Deputy Data Protection Officer details are here. HSE Researchers applying to a REC, and proposing to conduct in-patient research in the Aislin Centre may submit the general HSE Privacy Impact Form (June 2019) as part of their submission to a REC - See PIA Process Guidance (June 2019) for assistance.

HSE Researchers applying to a REC and proposing to conduct in-patient research in the Aislin Centre who are unsure if a Privacy Impact Assessment applies may refer the HIQA PIA Threshold Assessment as a first step.