Checklist for filling out the Notification Form

1. Consider some key questions

In order to evaluate and provide advice to the project, we need to know what you will be researching and how you plan to collect and store the data you need.

• What will you be researching?
• Who is the sample and what methods will you use?
• What personal data do you need to answer your research question?

Depending on what and who you will be researching, there may be various issues or requirements you should be aware of.

2. Draft an information letter 

The right to information about who is using your data and for what purpose is a fundamental right in the General Data Protection Regulation (GDPR).

The law sets clear requirements for the information participants must receive before data collection. If the data collection is to be exempt from the duty to provide information, you must argue well for this.

The information letter should help those whose information you are processing to understand what data you will collect, and what it means for them.

See what information you must provide and feel free to use our templates for information letters.

3. Upload relevant attachments

Before we can assess the project, any questionnaires, interview guides, and/or variable lists must be uploaded. This helps us understand the purpose of the project, and the scope of personal data being collected.

If you are going to conduct interviews, we do not necessarily need to see all the questions you will ask, but get a general understanding of what information is being registered.

If the project is to receive data from Statistics Norway, the variable lists must be uploaded in the format of Statistics Norway’s order form.

4. Minimize the inconvenience to privacy

All processing of personal data involves some inconvenience to privacy. How big the inconvenience is, depends on various factors. For example:

• How much information is registered, both per person and in total in the project
• How sensitive the information is
• How well data is secured
• How long data is stored and how many people have access

Consider which aspects of your project can cause inconvenience to people you collect information about, and what you can do to reduce the inconvenience.

For example: What variables do you need, can you avoid registering special categories, and when is it possible to anonymize the data material?

Also consider whether the entire project group should have access to all material, or if you can add more security measures.

In general, projects with higher inconvenience to privacy require more extensive assessment from Sikt, which can increase the assessment time.

Higher risks regarding the participant’s rights also places higher demands on the project and the project's considerations. The project must be well structured, the information must be stored in a secure manner, etc.

5. Familiarize yourself with information security guidelines

The institution you belong to has guidelines for information security and data management that you must follow. These can be useful in choosing a supplier for questionnaires, to ensure secure data storage, etc.

In the guidelines, you will find information on how data should be stored, what security measures are required, and what questionnaire suppliers the institution has agreements with.

Check that your project follows the guidelines for your institution. You can usually find the guidelines on the institution's website and/or internal pages. Ask your supervisor, colleagues/manager, or data protection officer.

6. Investigate if you need approvals/permissions

In some research projects, it may be necessary to apply for permission to carry out the project. 

• If you are going to conduct research at an institution (school, prison, hospital, workplace, etc.), it is important to get permission from the management.
• If you are going to access confidential information, it may be appropriate to apply for a waiver of confidentiality.
• For projects covered by the Health Research Act, you must have an ethical approval from the Regional Committees for Medical and Health Research Ethics (REK).