Dictionary domainTrack D
Compliance and regulatory
IRB/REC, IACUC, GDPR, MTAs, EAR/ITAR — the compliance lattice.
For implementers
Operational deployment checklist for Compliance and regulatory: prerequisites, five deploy steps, integration notes for Pure, Symplectic Elements, Worktribe, DSpace, and more, plus the pitfalls that recur in the field.
Terms in this domain
30 terms
ICH GCP (Good Clinical Practice)
The International Council for Harmonisation E6 guideline establishing an international ethical and scientific quality standard for the design, conduct, recording, and reporting of clinical trials involving human participants, compliance with which provides public assurance that the rights, safety, and wellbeing of trial participants are protected and that trial data are credible.
Conflict of interest disclosure
The institutional process by which investigators report significant financial interests, fiduciary relationships, and other competing interests that could directly and significantly affect the design, conduct, or reporting of their research, enabling the institution to assess and manage, reduce, or eliminate identified conflicts.
Data processor
A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, as defined in Article 4(8) of the GDPR, only on documented instructions from the controller and bound by a written contract meeting Article 28 requirements.
Data controller
The natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data, as defined in Article 4(7) of the GDPR.
Privacy by design
The obligation under Article 25 of the GDPR for a controller to implement appropriate technical and organisational measures at the time of determination of the means of processing and at the time of processing itself in order to implement data-protection principles effectively and integrate the necessary safeguards into the processing.
Data Protection Impact Assessment (DPIA)
A documented assessment required under Article 35 of the GDPR where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons, describing the processing, assessing necessity, proportionality, and risks, and identifying mitigating measures.
Right to erasure
The right under Article 17 of the GDPR for a data subject to obtain from the controller the erasure of personal data concerning them without undue delay where one of the grounds in Article 17(1) applies and no exception in Article 17(3) operates.
Data subject rights (GDPR)
The collective set of rights conferred on identifiable individuals by Chapter III of the GDPR (Articles 12-22), including the rights to be informed, of access, to rectification, to erasure, to restriction of processing, to data portability, to object, and not to be subject to solely automated decision-making with legal or similarly significant effects.
Withdrawal of consent
The exercise by a research participant of the right to revoke their consent to ongoing participation in research, after which the investigator must cease prospective collection of data or biospecimens from that participant and apply the protocol-specified handling of data already collected.
Dynamic consent
A consent model implemented via a secure digital platform that enables participants to grant, modify, or withdraw consent for specific research uses over time and to receive ongoing communication about studies that use their data or samples.
Broad consent
A regulatory consent option introduced by the 2018 revised Common Rule at §46.116(d) by which a subject consents prospectively to the storage, maintenance, and secondary research use of identifiable private information or identifiable biospecimens for future unspecified studies, subject to the elements enumerated in that paragraph.
Informed consent
The voluntary agreement of a prospective research participant, or their legally authorised representative, to take part in a specific research activity, given after disclosure of the information required by the applicable regulation and free from coercion or undue influence.
HIPAA Privacy Rule
The US federal regulation at 45 CFR Parts 160 and 164 Subparts A and E that establishes national standards for the protection of individually identifiable health information held or transmitted by covered entities and their business associates, requiring authorisation, a waiver, or another permitted basis for any use or disclosure for research.
GDPR (General Data Protection Regulation)
The European Union regulation that governs the processing of personal data of individuals in the EU, requiring a lawful basis for processing, transparency to data subjects, data-minimisation, security, and accountability, with extraterritorial application where data subjects in the EU are targeted or monitored.
Confidentiality agreement (NDA)
A contract by which one or more parties agree to keep specified non-public information in confidence and to use it only for a defined purpose for a defined period, typically as a precursor to scientific discussions or contract negotiations.
Data Sharing Agreement (DSA)
A contract between two or more parties that governs the bidirectional or multilateral exchange of data, allocating responsibilities for data quality, security, lawful basis, sub-processor use, and any controller-to-controller or joint-controller obligations.
Data Use Agreement (DUA)
A contractual instrument required before a recipient may access an identifiable, restricted, or limited dataset that defines permitted uses, security obligations, re-disclosure prohibitions, destruction requirements, and breach-notification duties.
Material Transfer Agreement (MTA)
A bilateral contract governing the transfer of tangible research materials between two institutions that defines permitted uses, ownership of the original material and derivatives, publication rights, liability, and onward-transfer restrictions.
Common Rule (45 CFR 46)
The US federal policy for the protection of human subjects codified at 45 CFR Part 46 Subpart A and adopted by twenty federal departments and agencies, which applies to all non-exempt human-subjects research conducted or supported by those agencies.
IACUC (Institutional Animal Care and Use Committee)
An institutionally appointed committee constituted under the US Animal Welfare Act regulations and the PHS Policy on Humane Care and Use of Laboratory Animals that reviews and approves all proposed activities involving vertebrate animals before such activities may begin.
REC (Research Ethics Committee)
A UK or EU committee constituted to provide an independent ethical opinion on a research proposal involving human participants, their tissue, or their identifiable data before the research may lawfully commence.
IRB (Institutional Review Board)
An institutionally designated committee constituted under 45 CFR 46.107 that reviews, approves, requires modification of, or disapproves research involving human subjects before any such research may be initiated at the institution.
Reuse license
A set of terms and conditions that facilitates the reuse of published information.
Publishing agreement
A legal contract between publisher and author(s) to publish written material by the author(s). This may involve a single written work, or a series of works.
Publication permission
The circumstances under which copyright material may be used and where permission must be sought from the copyright holder.
Press embargo
A request by a source that the information or news provided by that source not be published until a certain date or certain conditions have been met.
Licence
Signed agreement to exploit a piece of IP such as a process, product, data, or software.
Embargo
Restriction of access to the content of a copy of a work for a defined period of time.
Copyright
A legal right created by the law of a country that grants the creator of an original work exclusive rights for its use and distribution.
Copyright transfer agreement
A legal document containing provisions for the conveyance of full or partial copyright from the rights owner to another party.
