RETTE

System for Risk and compliance. Processing of personal data in research and student projects at UiB.


RETTE contains information from the following sources (for complete information see UiBs website https://www.uib.no/en/researchethics)

  • Health research projects that have research ethics approval from REK. Project information is imported from Cristin to RETTE, and researchers must supplement necessary information required by the personal data regulations (projects are imported daily).
  • Self-completed project information about:
    • Research and student projects (thesis) that involve processing personal data. Can as a main rule be registered directly in RETTE, as long as the participation in the project is based on informed (ethical) consent, or the project processes data from open sources, or through anonymous surveys or surveydata, and are otherwise carried out in accordance with research ethics guidelines. Student and PhD projects must be confirmed by the supervisor.
    • Research projects that involve processing of special categories (sensitive) personal data. Processing of special categories of sensitive personal data for scientific research purposes requires consultation with the institution’s Data Protection officer according to Norwegian law. The purpose of the review is to evaluate risks relating to the processing of data, including information security.
      • In RETTE section 6, please tick the relevant box if the participation is based on informed consent. Make sure the registration In RETTE is confirmed. General review of projects in RETTE by the DPO is usually sufficient, as long as the processing meets ethical and information security requirements.
      • Processing of personal data which may constitute high risk, such as secondary processing of sensitive personal data from other sources without consent, should contact the data protection officer to check whether it is necessary to perform a Data Protection Impact Assessment (DPIA).

Registration in RETTE and consultation with the Data Protection Officer shall determine whether the project needs a data protection impact assessment (DPIA).

If you have questions about ethics and processing of personal data in research projects at UiB, please see Research Ethics | University of Bergen (uib.no)

If you need help with RETTE: Register questions or problems in UiBhjelp