Authorisation of institutions
Institutions must be authorised in order to get access to data under Statistics Denmark’s microdata schemes. This page has information on the possibilities of obtaining authorisation, educational authorisation or client authorisation and on the application process., Apply for authorisation, To get access to pseudonymised data under Statistics Denmark’s microdata schemes, your institution must be authorised. To obtain authorisation, an institution must have a permanent research/analysis environment, which involves e.g. employing a head of staff and at least three experienced researchers/analysts. To apply for authorisation, you must complete the application form at the bottom of this page., Read more about our requirements to your institution and the application under ‘Types of institutions eligible for authorisation’ and ‘Requirements to application for authorisation’ below., Types of institutions that can be authorised, The below environments located in the Danish Realm may be considered for authorisation, if these comply with the application criteria:, The user group is defined under the framework agreement between Statistics Denmark and Danish e-infrastructure Cooperation (DeiC): Publicly funded research and analysis environments (i.e. university departments, government research institutes, ministries, government agencies etc.) as well as charitable foundations in Denmark., In the private sector, the following Danish organisations are eligible for authorisation:, Interest organisations. In this case (and in the case of enterprises), it is relevant to look at the ownership, the staff (education) as well as the tasks solved for public customers in particular. It may be necessary to make inquiries with these customers to get an opinion., Consultancies. However, consultancies cannot get access to business data. The director general may grant an exemption to consultancies allowing them to gain access to business data when carrying out fact-finding or research on business data for a public authority or an interest organisation, provided that this happens with the authority or organisation as data controller., Other enterprises may be authorised but may not get access to data that includes business data., Requirements to application for authorisation, In order to be eligible for authorisation, your institution must have a high and sustained focus on data security. Statistics Denmark has determined four requirements that you must be able to meet:, In the research/analysis environment, there must be a personnel manager who accepts the responsibility for the authorisation and for overseeing that the rules in the authorisation agreement are kept. This includes continuously ensuring that all persons in need of access are familiar with the rules on access to data and the rules on transfer of results., As a minimum, there must be at least three people in the environment with specific experience in handling large data volumes and solid knowledge of our data security rules. Experience may have been gained, for example, through previous access to pseudonymised data under Statistics Denmark’s microdata schemes, or experience otherwise gained with the handling of register data., For private environments, the research/analysis environment must be at least one year old to be considered for authorisation., The environment must appear from the institution website., If you are a public institution, and your research/analysis environment does not meet the requirements, you can consider commissioning an already authorised private consultancy to solve the analytical task for you. For this, you need a client authorisation. Read more under ‘Requirements to application for client authorisation’., If you have questions about the application for authorisation, please contact , FSEautorisation@dst.dk, . Please write ’Re. application for authorisation’ in the subject field., Specifically for Greenland and the Faeroe Islands, According to the General Data Protection Regulation, the Faroe Islands and Greenland are third countries, which is significant in terms of obtaining authorisation:, The Faeroe Islands has obtained an adequacy decision by the European Commission, which means they can be approved as a secure third country. Institutions and enterprises from the Faeroe Islands can thus obtain authorisation on an equal footing with those from Denmark., Greenland has not obtained an adequacy decision, which is why Greenlandic institutions must enter into transfer agreements to obtain authorisation. Until Greenland is approved as a safe third country, authorisation can only comprise public institutions., For both the Faroe Islands and Greenland, the authorised institution must obtain approval from the Danish Data Protection Agency if it wants access to sensitive data according to the Danish Data Protection Act., Without authorisation – what are the options?, If your research/analysis environment is not eligible for authorisation, or if you do not want to be authorised, you have the following options:, You can get Statistics Denmark’s Consulting team to perform the analytical task for you. , See how you commission a task with Statistics Denmark Consulting, You can commission a private consultancy that is already authorised to make the analytical task for you. For this, you need a client authorisation. , Note: , This solution is only offered to public institutions and requires that the performing consultancy has access to the data you need, or that you are granted an exemption allowing the consultancy to get access. Find further information under ‘Requirements to application for client authorisation’ below.,
Apply for client authorisation, To be authorised as a client, you must complete the application form at the bottom of this page. Please note that there are special requirements to the completion of specific fields in the form. Look for guidance under ‘Requirements to application for client authorisation’., Requirements to application for client authorisation, To be considered for client authorisation, you must enter a cooperation agreement with a private consultancy that already holds an authorisation. In that case, the analytical task will be carried out at your/the client’s responsibility, but based on the specialised environment at the consultancy charged with the task., Client authorisations are only offered to public institutions and require that the performing consultancy can get access to the data you need. Please inquire with the consultancy if this is the case before you apply for a client authorisation., Note:, If you need business data with limited access, you can apply for an exemption on behalf of the consultancy. Read about the possibility of applying for an exemption under , Access to business data, ., You cannot apply for an exemption until you have been client authorised., Guide to application for client authorisation,
To apply for a client authorisation you must use the same form as for an application for authorisation (bottom of the page)., All fields in the form must be completed as specified, except for these six:, Under ’Name of institution’ you must add ’- Client authorisation’ , [Example: Agency for xxx - Client authorisation] ,
Under ‘Name of person responsible for authorisation (head of staff)’, you enter the name of the head of staff in your institution who is going to act as the person responsible for authorisation. For the person in question, this involves e.g. assigning roles in DDP App and acting as data controller without any supervisory obligation. The supervisory obligation lies with the consultancy charged with the task. Read more about the division of roles under , User roles, ., Under ’Brief description of your research/analysis environment’, you must state the name and authorisation number (1-3 digits) of the consultancy charged with the task , [Example: Name of consultancy, 123], Under ’Number of researchers in your research/analysis environment’, you must enter ’0’, Under ’Number of people in the environment who have specific experience in handling register data/large volumes of data, you must enter ’0’, Under ’Link to the environment website’, you must enter your institution website., If you have questions about the application for client authorisation, please contact , FSEautorisation@dst.dk, . Please write ’Re. application for client authorisation’ in the subject field., , The next steps and other documents, How Statistics Denmark assesses applications for authorisation and client authorisation, Assessment of application for authorisation, To assess whether you can be authorised, we make a specific assessment based on your research/analysis environment. In doing so, we focus on your competences in data management and your knowledge of the data security rules that apply for access under Statistics Denmark’s microdata schemes., All authorisations need approval from the director general of Statistics Denmark., If you are approved for authorisation, you must enter into a data processor agreement with Statistics Denmark., Assessment of application for client authorisation,
To obtain a client authorisation, your research/analysis environment does not need to be assessed by Statistics Denmark. This is because your analytical tasks will be handled by an authorised consultancy., In the assessment of your application for a client authorisation, Statistics Denmark focuses on whether you are a public institution and whether you have appointed a head of staff as responsible for authorisation., If you are approved for a client authorisation, you must enter into a data processor agreement with Statistics Denmark., Other agreements, documents and guides (in Danish), Autorisationsaftale, Databehandleraftale (pdf), Tilknytningsaftale, Brugeraftale, Read about the rules on transfer of analysis results, Please refer to Statistics Denmark’s Data confidentiality policy and Information security policy, If you have questions about the application for authorisation or client authorisation, please contact , FSEautorisation@dst.dk, .
https://www.dst.dk/en/TilSalg/data-til-forskning/autorisering-af-institutioner
