====== NORMENT research legality ======
As a researcher in NORMENT you will use either general or personal sensitive data, and must be aware that there are a number of requirements for such use and you must know the legal grounds for permission before you can start your work.

The data collection and data storage in NORMENT is legally founded in the REK agreement **REK 2009/2485**
GDPR require documentation of lawfulness of processing of personal data.
In NORMENT, this lawfulness is based on **GDPR Art.6 nr.1a, and Art.9 nr.2a**; Consent-based research.
GDPR is integrated in Norwegian Law, and found in Personopplysningsloven.

Links:
  * Datatilsynet resources on Health research[[https://www.datatilsynet.no/personvern-pa-ulike-omrader/forskning-helse-og-velferd/helse-og-forskningsprosjekter/]] 
  * Norwegian Law regulating Health research[[https://lovdata.no/dokument/SF/forskrift/2009-07-01-955]]
  * Norwegian Law regulating Personal data[[https://lovdata.no/dokument/NL/lov/2018-06-15-38]]
  * GDPR principles for UIO researchers[[https://www.uio.no/for-ansatte/arbeidsstotte/sta/personvern/personvernforordningen.html]] 
  * Full EU GDPR regulations[[https://gdpr.eu/tag/gdpr/]]

==== The 7 key principles of GDPR ====


  * Lawfulness, fairness and transparency.
  * Purpose limitation.
  * Data minimisation.
  * Accuracy.
  * Storage limitation.
  * Integrity and confidentiality (security)
  * Accountability.
