Data Sharing and Re-use SOP

To guide the sharing and re-use of data generated by the BNR

11 May 2026

1. Purpose

This SOP guides BNR staff through the process of reviewing, approving, and managing all requests to share or re-use BNR data. It ensures that every data release:

Complies with the Barbados Data Protection Act (2019).
Protects individual confidentiality.
Supports research and public benefit.
Is transparent and fully documented.

This procedure applies to all BNR staff involved in handling data access or sharing requests.

2. Definitions

Term	Description
Public Data	Fully anonymised and aggregated data that can be shared openly (e.g. annual statistics, reports, dashboards).
Restricted Data	De-identified record-level data shared with approved researchers under a signed Data Sharing Agreement (DSA).
Controlled Data	Identifiable or linkable data used only within BNR operations and never shared externally.
Data Trust	A small technical sub-group of the BNR Advisory Committee responsible for reviewing and approving restricted or controlled data requests.
BNR Data Release Register	A secure REDCap log used to record all data sharing requests, approvals, and datasets released.

3. Roles and Responsibilities

Role	Responsibility
BNR Technical Lead	Coordinates data requests, ensures compliance, and acts as Data Trust Secretariat.
BNR Data Manager / Analyst	Prepares datasets, applies de-identification and aggregation, and updates the Data Release Register.
BNR Data Trust	Reviews and approves data sharing requests, ensuring compliance with law and ethics.
BNR Advisory Committee	Receives formal reports from the Data Trust and provides policy oversight.

4. Step-by-Step Procedure

Step 1 – Confirm Data Type and Intended Use

On receiving a data request, classify the request as Public, Restricted, or Controlled using the BNR Tiered Access model.
Record the request in the BNR Data Release Register with date and requester details.
Identify the intended use:
- Research or academic
- Policy or planning
- Public communication
- Commercial or consultancy
Ensure only the minimum necessary data are requested to meet the purpose.

Responsible: BNR Technical Lead and Data Manager

Step 2 – Review for Legal and Ethical Compliance

Check that the request aligns with the Barbados Data Protection Act (2019) and existing BNR policies.
Confirm whether ethics approval is required and that it has been granted by a recognised research ethics committee.
Verify that the project serves a public health or research purpose
If there is any uncertainty, refer the request to the Data Trust for advice before proceeding.

Responsible: BNR Technical Lead and Data Trust

Step 3 – Apply the Correct Governance Tool

Type of Request	Required Governance Tool	Description
Public Data	Internal review only	Ensure all data are aggregated and anonymised before publication or upload to Zenodo.
Restricted Data	Data Sharing Agreement (DSA)	Must be signed by the requester and the BNR before any data are released. Defines permitted use, data protection, and retention terms.
Controlled Data	Internal BNR Use Only	Access limited to authorised staff under existing confidentiality agreements.

In all restricted cases:

The Data Trust reviews and approves the request.
The BNR Technical Lead ensures the DSA is signed and stored.
No data are shared until both steps are complete.

Responsible: BNR Technical Lead and Data Trust

Step 4 – Record and Track All Approvals

Update the BNR Data Release Register for every approved request.
Record:
- Requester name and institution
- Dataset name and version
- Approval date and reviewer(s)
- Reference to signed DSA (if applicable)
- Expected end date or follow-up date
Upload the signed DSA to the new record in the BNR Data Release Register.
Notify the Data Manager to prepare and deliver the approved dataset.

Responsible: BNR Data Manager and Technical Lead

Step 5 – Communicate, Publish, and Report

For public data, upload anonymised datasets to the BNR repository on Zenodo with full metadata and a permanent DOI.
Publish brief summaries of approved restricted data projects on the BNR website.
Include annual summaries of all data releases in the BNR Annual Report.
Present data sharing statistics and outcomes to the BNR Advisory Committee through the Data Trust.
Encourage external data users to share project results or publications with the BNR.

Responsible: BNR Technical Lead, Data Manager, and Data Trust

5. Data Security and Confidentiality

All datasets must be stored on secure, password-protected institutional servers.
Transfer of data should use encrypted, approved methods (no personal email or portable drives).
Access to restricted data is limited to named individuals on the DSA.
The BNR retains ownership of all data and may revoke access if terms are breached.

6. Record Retention and Review

The BNR Data Release Register and associated DSAs are kept permanently as the record of data governance activity.
The Data Trust reviews data sharing procedures every two years to ensure ongoing compliance with law and best practice.
Lessons learned from completed projects are incorporated into the next review of this SOP.

7. References

Barbados Data Protection Act (2019)
BNR Data Sharing Agreement (Research Use Template)
BNR Data Trust Framework
BNR Data Access Statement

Summary for Staff

Step	Task	Who	Record
1	Classify data and intended use	Technical Lead / Data Manager	Data Release Register
2	Check compliance and ethics	Technical Lead / Data Trust	Approval record
3	Apply governance tool (DSA or internal)	Technical Lead	Signed DSA
4	Record approval and release	Data Manager	Register + Dataset log
5	Publish and report	Technical Lead / Advisory Committee	Annual report + Zenodo DOI

Approved by: BNR Technical Lead
Effective date: May 2026
Review date: May 2027
Version: 1.0