Hello everyone,
The Synapse documentation does not mention GDPR.
I wonder if anyone from Europe has considered this regulation when uploading their datasets to Synapse?
Just wondering if there is some sort of GDPR-specific functionality (e.g. for participant removal from a dataset) or broadly some evidence that submitting data from European subjects to Synapse (with appropriate Conditions for Use of course) is okay.
Admittedly this is a subject I am not fully informed on all the specifics, and being a starting PI I've never had to upload data as the main responsible person.
I did not see a thread on this before, hope the discussion is of interest to other users as well.
Best wishes,
Andre Rendeiro
Created by André Rendeiro afrendeiro Thank you for this question, Andre.
Synapse supports compliance with applicable laws and regulations in a shared responsibility model.
Synapse is a data platform hosted on the AWS cloud. When acting as a Data Processor under GDPR, Sage is responsible for securing the data and establishing the appropriate data use governance mechanisms. A combination of technical and organizational security measures, policies, and governance processes are in place to protect the data. Data contributors, acting as Controllers under GDPR, are responsible for the personal data they provide to Synapse.
Synapse's privacy policy describes how we handle personal information on Synapse. Sage's DPO manages and oversees this and other policies that govern platform use and agreements that govern data access.
For more specific information regarding your use case, you can write to us at act@sagebase.org. Our Access and Compliance Team works with contributors to ensure the appropriate data governance structure is in place and in accordance with relevant regulatory frameworks.
On behalf of the DPO and Synapse Access & Compliance Team