SDU Analytics develops "decision intelligence". Typically, it involves data, reports, and analyses for decision-making processes that promote SDU's business development, quality assurance, and quality development of SDU's activities.
Legality, data ethics, and other considerations are a natural part of the work processes when assessing which data is relevant to shed light on a given situation.
SDU Analytics has designed an internal governance as a description of the practice with our collectively agreed understanding and interpretation of our use of data. This internal governance ensures that international legislation, national legislation, and SDU's guidelines are followed on an informed basis and in a harmonized practice by all analysts in SDU Analytics. Thus, the internal governance is a quality assurance of legality and data ethics in an efficient data setup.
SDU Analytics also has a proactive internal compliance team, where two data analysts, after advice and guidance from SDU Compliance, have a particular focus on:
- IT information security and user rights with access control
- Access to public records
- Person lists for administrative use
- GDPR, data processing agreements, and records of processing activities
- Data ethics
Below are some extracts from our internal governance:
SDU Analytics is aware that:
- Data must be collected for a specific purpose
- Only the most necessary data should be collected
- There must be proportionality between the degree of collection and analysis and the result that can be achieved
SDU Analytics follows the international standard for a data ethical approach with a reflection framework from the ODI - Open Data Institute in England.
Thus, SDU Analytics addresses the following for each analysis task:
- Data sources, content, origin, and rights
- Limitations on the use of data sources
- Sharing of data with others
- Ethical and legal frameworks for the use of data
- Rights around the data source
- Justification for using data
- Communication of purpose
- Positive effects of using data
- Negative effects of using data
- Limitation of any negative effects
- Interaction with stakeholders about data
- Transparency in analyses
- Continuous implementation of data
- Monitoring and updating of data
SDU Analytics processes personal data based on Article 6(1)(e) of the General Data Protection Regulation:
"Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller."
When SDU Analytics uses individual data, it is typically ordinary personal data, and the use of individual data only occurs where necessary for the task. In special cases, there may be situations where SDU Analytics, under heightened attention and special considerations, must use non-sensitive/special personal data for specific services.
It should be noted that SDU Analytics largely uses aggregated data that is not personally identifiable in the data processing process at SDU Analytics. Moreover, it should be noted that some data is purchased externally through database access under explicit terms.
For projects involving external assistance in data processing or the purchase of external data with personal information, the necessary clarifications are made in close cooperation with SDU's lawyers in SDU RIO to prepare data processing agreements, among other things.
Typically, larger projects will also be sent for notification to SDU's DPO. Generally, SDU Analytics is in close contact with SDU Compliance to ensure data use that is in accordance with SDU's guidelines.
SDU Analytics typically presents statistical presentations internally at SDU. SDU employees who are logged into SDU's network can access the analyses.
Internal transparent analytical support is important for the work of SDU Analytics. On the one hand, the organization's knowledge of the data behind various decision-making processes is increased, and on the other hand, the organization's analytical capacity (data literacy) is generally increased. Both are key elements for all levels of the organization to stay up-to-date and qualified to understand the data used and the analyses carried out, which increases the value of the strategic, tactical, and operational use of the analytical capabilities.
SDU Analytics is always available to help with the presentation, interpretation, and use of the analytical presentations.
Other points of attention
- Public Administration Act
- Danish Data Protection Agency
- Act No. 503 of May 23, 2018
- SDU's guidelines for data-driven management
- SDU's principles on data protection are always in effect
- Employees in SDU Analytics work under confidentiality, as well as under other conditions applicable to administrative staff in the Joint Administration at SDU
- Employees in SDU Analytics have all completed and passed SDU's GDPR course
- Employees in SDU Analytics who work with research data have completed the CWTS Leiden course: 'Responsible use of Research metrics' and are familiar with the Leiden Manifesto for Research Metrics
- Employees in SDU Analytics who work with machine learning are familiar with the AI manifesto
- IT service ensures the most technically secure solution for IT security for data flow and data storage
If you have any questions about data ethics, legality, and data usage in connection with deliveries and services from SDU Analytics, please feel free to email email@example.com