It is the responsibility of the head of any register-based research project to ensure that required permissions have been obtained from relevant authorities. Below is a rough guide to application procedures.

!! Note that each authority has a processing time of several weeks to a few months, so it may take a year from the day you notify the Data Protection Agency to the day you can access your data.

Please contact Allan Timmermann ( if you are unsure of the correct application procedure.


Every time you want to initiate a register-based research project, you need permission from the Danish Data Protection Agency (in Danish: ‘Datatilsynet’).

Aarhus University has been granted a general permission for research and statistical projects that include personally sensitive data. You therefore notify AU of new projects, project extensions, data transfer etc. and the university informs the Danish Data Protection Agency of relevant ongoing research activities. CIRRAU users report their projects using a form - please us link on the right. The form will include information on e.g.

- Name and address of the person responsible for the study

- Title and purpose of the study

- Persons whose data are included in the study

- Type of data etc.  

Project notifications are required in order to 1) keep control of data analyses carried out and 2) ensure openness regarding ongoing studies. According to the data protection agency, studies that include information on private matters, e.g. health data, and data that are associated with individual persons, may only be carried out after you notify the data protection agency and obtain their permission.

Note: In case you need information exclusively from Statistics Denmark a project notification is not necessary as they have a general permission from the data protection agency to perform research.

The Danish Data Protection Agency has a homepage with information in English and a link to an English translation of the Act on Processing of Personal Data. It is your responsibility to ensure that your proposed study is in accordance with Danish law, and in case of uncertainties or queries, make sure to contact the data protection agency.




All projects applying personally sensitive data need to notify the Danish Data Protection Agency

You need to open the file in Adobe to fill it out. When done, submit it as stated at the bottom of the form, and you will be assigned a local file number when the notification is approved by AU.


The National Committee on Health Research Ethics needs to be notified of any health research projects and give their permission before the study may be initiated. This means that if you plan to carry out a research project based on both register data and data from biological samples (e.g. genetic data), you have to notify the committees on health research ethics instead of the data protection agency. 

In short, a health research project is one that includes studies on

- Live-born human individuals

- Human gametes intended for fertilization, fertilized human eggs, zygotes and fetuses

- Tissue, cells and gametes from humans, fetuses etc.

- Deceased individuals

Also included are clinical experiments on medications and clinical experiments on medical equipment. Note that health research projects include studies within traditional health-related research as well as research concerned with social medicine and epidemiology. In addition, health research projects also include studies on psychiatric and clinical-psychiatric disorders, odontological and pharmaceutical research projects.




Guidelines for applications to the Committees on Health Research Ethics are presented on their homepage.


Notifications of projects to be administered at Aarhus University, Aarhus, should normally be submitted to the committees on health research ethics in the Central Denmark Region. If you plan to use genomic data, you may have to apply to the National Committee on Health Research Ethics.


If you want to include data from the Family Relations Database in your study, you need to submit an application to the research support unit at Sundhedsdatastyrelsen (SDS). You need to apply, whether you need 1) permission to receive an extraction of relevant data from the Family Relations Database to be placed in your project folder at Statistics Denmark, or 2) to purchase data extracts directly from SDS and have them sent to Statistics Denmark to be placed in your project folder. There, you may combine the data extracts with data from other sources, e.g. High Quality Documentation Data from Statistics Denmark or cohort data collected by your own research group.

With the application form, you need to upload the following items:

- Permission from the data protection agency or the committee on health research ethics (whichever is relevant to your study)

- Project description

- Description of the data you need for your study

On their homepage, you may find guidelines to the format required for the descriptions of your project and the data applied for (in Danish). -Or you may use our English translations - please find links in the box on the right.


Applications for use of health-related data from Sundhedsdatastyrelsen are comprised by two documents – a project description and a data extract description.

In addition, you need to supply an abstract and payment information etc. when you upload the application using the electronic form on the homepage of Sundhedsdatastyrelsen.

If you apply for extracts from the Family Relations Database, please follow the format for variable lists also used for project requests to Statistics Denmark.

Prescription data 

A version of the Register of Medicinal Product Statistics is managed by Statistics Denmark on behalf of Sundhedsdatastyrelsen. Part of the data are included in 'Projektdatabase NCRR / CIRRAU', and they will be available to you on the condition that you obtain permission from Sundhedsdatastyrelsen to use them in your study. An application for such a permission should be combined with your project request to Statistics Denmark. Please note that special regulations apply to the use of variables ‘RECU’ (physician / general practice prescribing medicine) and ‘RECA’ (authorization ID) and that the use of prescription data is more restricted than other use of other personally sensitive data.