Centre for Clinical Brain Sciences

Data Access and Governance

This page contains information about the CCBS Data Access and Governance (DAG) Committee, plus links to useful guidance and resources related to data management, storage, sharing and archiving.

The CCBS DAG commitee

The CCBS Data Governance and Access (DAG) committee comprises Investigators, IT Specialists & Data Management Experts from across CCBS: Clinical Neuroscience, Psychiatry and Neuroimaging. There are approximately 25 members.

The committee is chaired by Prof Rustam Al-Shahi Salman and supported by Ann Ross and Rebecca Devon.

The committee was formed in May 2016 and meets annually.

New members are welcome.

General Data Protection Regulations (GDPR)

CCBS operates under the University of Edinburgh regulations and guidelines so please ensure that your activities (research or otherwise) are compliant.

University of Edinburgh GDPR pages


Please ensure you have done the first two training courses, and the third too if you are a researcher:

  1. Data protection
  2. Information security
  3. DP Training Research (search for this on LEARN)

Data Protection Impact Assessments (DPIA)

You must conduct a DPIA when commencing a new project, be it research / procurement / event / newsletter etc...

More information at www.ed.ac.uk/records-management/guidance/checklist/data-protection-impact-assessment

GDPR checklist

Please refer to the following checklist which covers privacy notices, DPIAs etc along with some sample wording.  

Data Management Resources

University of Edinburgh Research Data Service

See the Research Data Service website or contact the team on data-support@ed.ac.uk.

There are sample DMPs available and the team can provide practical assistance with writing data management plans, if enough notice is given.

Digital Curation Centre

Lots of useful information, in particular Data Management Plans FAQs and DMPOnline, a data management planning tool.

Training in Research Data Management


Medical Research Council Data Sharing

MRC policies and guidance for researchers including templates for data management plans


Other University of Edinburgh Resources

University of Edinburgh Records Management (practices and procedures, data protection and freedom of information)

University of Edinburgh Information Services policies & regulations (computing, information security, research publications & data management)

University of Edinburgh guidance on how to encrypt sensitive data

Research Data Management forum on Sharepoint


SafeHavens  / Trusted Research Environments

The following information has been kindly provided by David Perry, Head of Scientific Computing, IGMM.


A SafeHaven or Trusted Research Environment (interchangeable terms) is a system for storing restricted and controlled data [1] where there is a requirement to control user access to the data and control ingress & egress of data from the system by any means [2].

[1]  Data that do not belong to the University, provided by external bodies under Non-Disclosure Agreement or Data Processing Agreement where confidentiality and integrity must be preserved; OR  data that do belong to the University but are highly restricted and confidential.

[2] Data must not be able to leave the system without some form of approval process. Controls must include how Users interact with the data but also how the system is managed and maintained; e.g., secondary copies of data on data backup tapes; how storage media utilised by the system are decommissioned; how Support Engineers are allowed to access these systems - staff and contractors. There will need to be some form of GateKeeper role / process for ingress & egress that includes auditing / approvals.

What is available at the University of Edinburgh?

The University of Edinburgh  doesn’t currently have a SafeHaven that is available for use by staff.

There is the Farr Institute’s SafeHaven and other Commercial offerings such as from Aridhia.

The University is aiming to build a SafeHaven in 2017. For more information please see the Data Safe Haven Service page on the UoE Projects website.


Member-suggested useful links

Creative Commons Licenses

A brief and useful overview, presented to the CCBS DAG Committee by David Rodriguez-Gonzalez 23rd Nov 2017:

The RCUK Concordat on Open Research Data

The Concordat highlights the principles of open science and where responsibilities lie. The take-home message is that data should be made freely available and citable (unless there is good reason not to, and with the right to reasonable first use). It is the responsibility of the University to provide resources and training, and the responsibility of the funder to support the cost.

The summary, and full document, are available in the DAG DataSync folder.

Data protection

Data Protection Act 1998

University of Edinburgh Data Protection Policy

Access to information

Access to Health Records Act 1990

Freedom of Information (Scotland) Act 2002

Adults with Incapacity (Scotland) Act 2000

Disclosure of confidential information

General Medical Council guidance on Confidentiality

Department of Health Confidentiality: NHS Code of Practice (including supplementary guidance on Public Interest Disclosure)

Health and Social Care Information Centre (HSCIC) (now named “NHS Digital”)

Information Governance Toolkit

Public Benefit and Privacy Panel for Health and Social Care (PBPP)

Incorporates The Community Health Index Advisory Group (CHAIG), NHS National Services Scotland Privacy Advisory Committee  (PAC), and National Caldicott

General information


Section 251 and the Confidentiality Advisory Group (CAG)

General information


Data reproducibility

NIH training videos about reproducibility  


Got something to add?

Please send any suggestions for useful content to Rebecca.Devon@ed.ac.uk


Related links

CCBS DAG folder on Datasync: look here for committee agenda, minutes and other shared documents