Data Protection/Ethics Self-Assessment Tool

Pilot Stage

The data protection and ethics self-assessment tool is currently still in the pilot stage. If you have any comments or suggestions for improvement, please contact the following e-mail address: desat-support@dsi.uzh.ch.

Login

The tool is only accessible within the network of the UZH (i.e. from outside only via VPN). Please log in using the following link to get your personal access link.

Login (via AAI)

What can you expect?

The Data Protection/Ethics Self-Assessment Tool is aimed at researchers who in any way involve persons or at least their data in their research (e.g. for surveys, experiments, observations, etc.) – regardless of whether the resulting data is anonymized or not.

Researchers can use the tool to assess which questions their project raises in terms of data protection and ethics and inform themselves whether they need to submit their project to the appropriate body (UZH Data Protection Law Section, Faculty Ethics Committee, cantonal data protection commissioner or cantonal ethics committee). The information and recommendations collected by the tool are finally summarized for the researchers in the form of a PDF document.

Data Protection

One of the main objectives of the self-assessment tool is to find out whether personal data is being processed and, if so, whether it is based on sensitive data or personality profiles. It also asks whether data is being processed by third parties. If the answer is yes, the data must be protected by a written contract.

Furthermore, it must be ascertained which law is applicable to the project. The cantonal IDG is always applicable when members of the UZH process data, whereas the European GDPR is only applicable in special circumstances. Depending on the applicable law, different blocks of questions will be asked in the course of the tool.

The following question blocks aim to find out who has access to the data. Depending on the answer, it is recommended to use the corresponding templates provided by the Data Protection Department or to contact them. In addition, compliance with the legal transparency and validity regulations will be checked to ensure that consent has been validly obtained, that the principles of transparency and purpose limitation have been respected, and that processing is proportionate.

Finally, the necessary technical and organizational measures are pointed out. The data protection section ends with a risk assessment regarding data processing and a clarification as to whether a prior check with the cantonal supervisory authority is necessary.

Ethics

The ethics part of the self-assessment tool largely corresponds to the evaluation questions of the faculty ethics committees established at the UZH. The evaluation processes are not affected by the tool: in the case of a positive "ethics finding", the researchers are referred to the corresponding commission.

At the beginning, a number of questions are asked to determine whether the research project falls within the scope of the Human Research Act and must therefore be submitted to the Cantonal Ethics Committee (KEK) for review.

This is followed by questions to determine whether the study should be submitted to a facultative ethics committee. In particular, these questions concern whether vulnerable persons are included in the research, whether certain risks exist for these persons and also for the researchers themselves, and whether there are inappropriate dependencies, incentives or conflicts of interest between the persons involved. These questions also come up when the study has to be submitted to the KEK; they help to prepare an appropriate submission.