Navigation auf


Legal Services and Data Protection

Data Protection/Ethics Self-Assessment Tool

What is the Privacy/Ethics Self-Assessment Tool?

The Data Protection/Ethics Self-Assessment Tool is aimed at researchers who in any way involve persons or at least their data in their research (e.g. for surveys, experiments, observations, etc.) – regardless of whether the resulting data is anonymized or not.

Researchers can use the tool to assess which questions their project raises in terms of data protection and ethics and inform themselves whether they need to submit their project to the appropriate body (UZH Data Protection Law Section, Faculty Ethics Committee, cantonal data protection commissioner or cantonal ethics committee). The information and recommendations collected by the tool are finally summarized for the researchers in the form of a PDF document.

Access via «AVA» (Application - Contract - Administration)

As of April 17, the tool «AVA» (Application - Contract - Administration) was introduced in the area of third-party funding management:

It provides workflow-based, bilingual (D/E) support for third-party funding holders and administrators - from the application phase to the review phase ("Laufzettel") to the completion of third-party funded projects. The data protection/ethics self-assessment tool can now be accessed directly in AVA.

Instructions and demo videos as well as the dates and links to the training courses can be found at

Data Protection

One of the main objectives of the self-assessment tool is to find out whether personal data is being processed and, if so, whether it is based on sensitive data or personality profiles. It also asks whether data is being processed by third parties. If the answer is yes, the data must be protected by a written contract.

Furthermore, it must be ascertained which law is applicable to the project. The cantonal IDG is always applicable when members of the UZH process data, whereas the European GDPR is only applicable in special circumstances. Depending on the applicable law, different blocks of questions will be asked in the course of the tool.

The following question blocks aim to find out who has access to the data. Depending on the answer, it is recommended to use the corresponding templates provided by the Data Protection Department or to contact them. In addition, compliance with the legal transparency and validity regulations will be checked to ensure that consent has been validly obtained, that the principles of transparency and purpose limitation have been respected, and that processing is proportionate.

Finally, the necessary technical and organizational measures are pointed out. The data protection section ends with a risk assessment regarding data processing and a clarification as to whether a prior check with the cantonal supervisory authority is necessary.


The ethics part of the self-assessment tool largely corresponds to the evaluation questions of the faculty ethics committees established at the UZH. The evaluation processes are not affected by the tool: in the case of a positive "ethics finding", the researchers are referred to the corresponding commission.

At the beginning, a number of questions are asked to determine whether the research project falls within the scope of the Human Research Act and must therefore be submitted to the Cantonal Ethics Committee (KEK) for review.

This is followed by questions to determine whether the study should be submitted to a facultative ethics committee. In particular, these questions concern whether vulnerable persons are included in the research, whether certain risks exist for these persons and also for the researchers themselves, and whether there are inappropriate dependencies, incentives or conflicts of interest between the persons involved. These questions also come up when the study has to be submitted to the KEK; they help to prepare an appropriate submission.

Privacy Notice

The data collected by the self-assessment tool is stored on servers of the UZH IT Department. The data will not be disclosed to third parties. All personal data (i.e. general information as well as the name of your research project) and information in the free text fields will be deleted after six months. The remaining data will remain stored for statistical purposes and to improve the self-assessment tool.

This does not apply to consulting situations in which you contact the Data Protection Department by e-mail. For further information, please consult the UZH privacy policy or contact the Data Protection Team.