Please note that the content has been automatically translated from English original. There may on occasion be slight inaccuracies in this automatic translation

IDDO legal and regulatory documentation

IDDO maintains documentation to ensure compliance with the global data protection regulatory landscape, in particular the EU General Data Protection Regulation (GDPR), UK Data Protection Act 2018 and the UK GDPR. Documentation available on request: email us at dataaccess@iddo.org.

Infographic showing the IDDO data journey

Key legal and regulatory documentation

IDDO Data Privacy Impact Assessment

This document records and demonstrates how IDDO embeds data protection by design and default into its data processing. While not required to complete a DPIA as a processor, IDDO maintains this DPIA as part of its data governance framework to achieve high standards, transparency and confidence in its handling of personal data

IDDO Terms of Submission

The IDDO Terms of Submission sets out the legal terms and conditions for submitting your raw data to the IDDO data platform. This document sets out licensing and governance terms, your obligations as a data contributor and our obligations as the data processor, your choices about how access requests to your data are handled, important details of our data curation processes, and other important information.

Please do read the agreement carefully before submitting data to us and agreeing to the terms, together with our list of frequently asked questions. Email us at dataaccess@iddo.org for a copy of this document.

IDDO Technical and Organisational Measures (TOMs)

The technical and organisational measures presented in this document are implemented by IDDO in accordance with GDPR. They are continuously improved by IDDO to ensure a level of security appropriate to risk in relation to latest best practice.

IDDO De-identification Procedure (Clinical Trials)

This document provides an overview of the data de-identification framework adopted by IDDO to preserve the privacy and data protection rights of the participants included in the research studies shared with IDDO.

IDDO Sub-processors

IDDO maintains a current list of approved Sub-processors who process data on behalf of IDDO and in accordance with the Terms of Submission. All IDDO Sub-processors pass a Third-party Security Assessment conducted with the University of Oxford Information Compliance Team.

IDDO Data Access Committee

The IDDO Data Access Committee (DAC) is an independent committee chaired by TDR (the Special Programme for Research and Training in Tropical Disease), on behalf of the World Health Organization. The DAC provides an indepenent decision-making mechanism to evaluate and decide on data access applications for IDDO-curated data.

IDDO Data Use Agreement

This document sets out the obligations of the data requester/recipient with respect to handling the data including, in particular, data deletion upon completion of the analysis; not sharing the data beyond the authorised team and for the purpose stated in the approved data access application.

IDDO/WWARN Policy on Data Use, Publication and Credit

This document sets out our policy on data use and publication.

IDDO Data Access Guidelines

Find out about the guidelines that the independent IDDO Data Access Committee uses when assessing applications to access data deposited on the IDDO platform.