Denne siden på norsk

Frequently asked questions

  • I will not publish personal information, do I still need to notify the project?

    The notification duty applies even though you only publish anonymous data. What determines whether your project will be subject to notification or not, is how you process personal information while working on the project. For more information, see: Is my project subject to noticication?.

  • How can a project be carried out without being subject to notification?

    In order for a project not to be subject to notification, all electronic data processed through the entire research process has to be anonymous . In addition, no sensitive data can be linked to directly identifiable personal data, nor via code or reference number referring to a separate list of names (scrambling key).

    Here are some examples of methods that can be used:

    • In carrying out interviews and/or observation, data is recorded exclusively in the form of notes (not recordings). One must ensure that no names and no personally identifiable background information is registered in the data material.
    • There can be made audio recordings of interviews if the interview guide is designed in such a manner that no personal data will appear in the recordings. (NB! Voice combined with background information about the informant may in some cases be personally identifiable. When using audio recordings, this type of information has to be omitted or limited in such a way that individuals cannot be recognized in the data material.)
    • Paper surveys can be carried out, as long as neither names nor any sensitive personal data is registered.
    • For online surveys not to be subject to notification, one has to make sure that the IT solution is completely anonymous (among other things, the respondent’s email or IP address cannot at any moment be connected to the survey), and that the survey does not contain questions about identifiable information. NB! Most online surveys do register email or IP address, and using these will make the project subject to notification, even in cases when only the data processor has access to identifiable information.
    • Data from records and registries can be used without making a notification as long as only anonymous data is extracted. The information can in no way be traceable to individuals. Several anonymous registry data is available online, for instance at SSB and NSD.
  • How do I anonymise my data material?

    In order to make your data material anonymous, you need to go through all your data and remove or edit identifiable information in such a way that individuals no longer can be recognized.

    Usually this entails:

    • deleting all directly identifiable data (such as names/lists of reference numbers/scrambling key)
    • deleting, rewriting or grouping together indirectly identifiable data (i.e. background variables such as residence/work place/school, age and gender)
    • deleting (or editing) photos and audio or video records

    If you use a data processor, the data processor must also delete all personal information connected to the project which they possess.

    Please note that in most cases you can lawfully keep an anonymous data set after the end of the project, since you are no longer processing personal information. In this case, you need to make sure that you have edited the data material adequately, so that individuals can no longer be identified. However, in some cases you do have to delete all your data. This may happen if you have promised the sample to do so, or when it is a demand from the data owner (e.g. Statistics Norway).

    Publications should normally present the sample anonymously. However, in some cases there may be good scientific reasons to publish personally identifiable information, but this can only be done after consent from the person(s) in question.

  • I will collect data abroad. Will my project be subject to notification in Norway?

    If you are a student/researcher at an institution in Norway, you are requiered to notify The Data Protection Official for Research when processing personal data in the same way as for data collection in Norway.

  • I will collect data in Norway, but the data controller is located abroad. Do I have to submit a notification in Norway?

    If the data controller is established in an EEA country, it is sufficient to submit a notification of the project to the relevant authorities in the country concerned. It the data controller is located in a country outside the EEA, the notification must be submitted in Norway by a Norwegian institution that undertakes the role of the data controller''s representative.

  • When may children give their consent to participate?

    Depending on the project, common practice is an age limit of 15 to give consent, and 16-18 when gathering sensitive personal data.

  • Can I archive mye data at NSD?

    NSD offers good solutions for researchers and institutions who want to archive various types of research data. By archiving data at NSD and make them available for secondary analyzes, you can also help promote empirical research. Read more about archiving data at NSD.

  • Why is my institution not listed in the notification form?

    If you can't find your institution in the list, the explanation is that the institution does not have an agreement with NSD as its Data Protection Official for Research. Please contact your institution.

  • How do I notify changes in the project

    If you plan to make changes to your project that differ from the information you gave in your Notification form, you must usually submit a Change Request form.

  • How do I notify change of supervisor or institution?

    A change of supervisor requires confirmation from your former supervisor or institution. A change of instition requires verification from an employee at minimum department level. This applies to both old and new institution.

    changes must be notified via our Change Request form.

  • Do I need to notify The Data Protection Authority (Datatilsynet)?

    Your notification form shall be sent to NSD. If the project requires a license from The Data Protection Authority, we will help you design your application and send it to the Data Protection Authority on your behalf. Projects that require a license might be projects that process sensitive data, and:

    • are of a large scale (over 5000 persons) and of a long duration (over 15 years), and/or
    • use/consist of large data sets that are not sufficiently de-identified or pseudonymised, and/or
    • make non-response analyses not based on consent and/or
    • use data from the pseudonymous health registries (IPLOS and NorPD (Reseptregisteret))
    • research on particularly sensitive data without consent.
  • Which projects should be approved by the Regional Committee for Medical and Health Research Ethics (REC)?

    It is the purpose of the project that determines whether a project will need approval from REC under the Health Research Act or if it is subject to notification to The Data Protection Official for Research under the Personal Data Act/Personal Health Data Filing System Act. Read more.



© NSD - Norsk senter for forskningsdata • Kontakt NSDPersonvern og informasjonskapsler (cookies)