Skip to content
Search dst.dk

    About Denmark's Data Portal

    Denmark’s Data Portal is an application that provides easy, efficient and secure access to Danish data for research, analysis and management. 

    Danish data is of great significance to the development of Danish society. For that reason, Statistics Denmark has established a data portal, which provides researchers, analysts and Danish businesses with an enhanced view of the Danish underlying data basis while making the whole process from application to data smoother. In other words, the solution offers one user interface, one point of access and one secure solution to meet all data requirements for statistics, research, management and analysis.

    In collaboration with other data owners, the data portal builds on the services that already exist in Statistics Denmark, and new functionality and services are added continuously to meet user needs.

    A collaborative solution

    The data portal is conceived as a collaborative cross-disciplinary national solution for the benefit of research establishments, private businesses and public authorities – completely in line with the intentions behind Denmark’s national public digitisation strategy.

    Users get a complete view of all registers as well as support in finding the data best suited for their purpose. Moreover, the solution provides quick user access, once the requirements to data security and data confidentiality are met, and with the possibility to get advice and support in the process. Finally, case processing and approval of project applications take place as part of an automated process, thus ensuring progress for the project and transparency for the users.

    Data security

    In Denmark’s Data Portal, the focus data security and information security is massive. Data is built in a special system, which is based on processes of high security, safe management and secure procedures.

     

    Administrative procedures and guidelines

    In Statistics Denmark, we comply with the non-discrimination requirements of the Danish Public Administration Act. This means that all rules and security requirements apply to all users and all collaborative partners. In other words, nobody gets easier terms or has to meet a lower level of security than others do.

    Statistics Denmark's procedures complies with current legislation with respect to GDPR, which is tested via external revision and the ISO 27001 standard, which is the security standard for government authorities. The security is tested annually as a result of Statistics Denmark's ISO 27001 certification.

    Statistics Denmark has prepared a set of guidelines for use of researcher machines, which applies for all research and analysis projects carried out within the framework of Denmark's Data Portal and Research Services. In the guidelines, you find for example the requirement that work must be carried out on pseudonymised data, and that Statistics Denmark's methods for statistical disclosure control must be applied. Other examples are the principles of data mining as well as requirements for a clearly defined emergency response and decision guidance documents in connection with the handling of data breach and security incidents.

    Read more under Rules on transfer of analysis results

    Secure application

    In Denmark's Data Portal, a two-factor login is always used for both the application and the researcher machine, and there are requirements to the security in net traffic and requirements for secure network protocols, as per the Danish Centre for Cyber Security's requirements and recommendations.

    The application is thoroughly tested for external penetration - see further under `Certification and external control' below.

    Secure data processing and secure workflows

    Agreements exist between Statistics Denmark and all research and analysis institutions in Denmark. The agreements focus on issues such as clarity of roles and responsibilities and ensuring that the employees of the research and analysis institutions handle the administration of the individual institution in the most appropriate way. This is sustained through regular contact with user committees, release of awareness campaigns and user surveys.

    In Denmark's Data Portal, researchers and analysts are certified in a special module focusing on compliance with the data processing and data security rules. This means that each user regularly must go through a number of questions regarding data processing and GDPR to maintain their access to Denmark's Data Portal and Research Services.

    The workflows for researchers as well as analysts and administrative employees in Statistics Denmark are reviewed annually by the internal supervision and assessed by IT architects, IT managers ad information security coordinators for the purpose of ensuring that there are no loopholes or overlooked ways of cheating, gaining unintentional access or abusing user roles. The detailed authorisation system in Denmark's Data Portal has been reviewed specifically for the purpose of verifying that a multi-person system has been set up for approval and update, which ensures that individual persons cannot exploit or abuse the system.

    We carry out systematic system control to ensure that research results for transfer do not contain personal data or individual data (microdata), and we perform randomised sampling and management-initiated samples based on risk assessments.

    Certification and external control

    Security is continuously monitored both through Statistics Denmark's internal supervision and external inspections and audits. Statistics Denmark maintains regular contact with independent external experts who assess, test, and stress test the security of the systems, source code and workflows. The security of our pseudonymisation algorithm has been verified through an external review from the cyber security department, and an executive summary of this can be provided upon request to relevant stakeholders. Likewise, external experts have verified the so-called transfer control.

    External audit:

    Statistics Denmark's Research Services annually obtains an external audit statement of the ISAE 3000 type, which can be provided to relevant stakeholders. The audit statement, which is accompanied by a corresponding ISAE 3000 statement for the general IT environment and IT workflows, describes a range of security-related control areas, including technical security measures, storage and processing of personal data, and more.

    ISO 27001 certification:

    Statistics Denmark undergoes an annual process to maintain the achieved ISO certification ISO/IEC 27001:2013. The audit process is conducted by the international and independent certification company DNV-GL. The scope, i.e. the area that has been checked and ISO 27001 certified, is ¿IT and business processes in the statistics production, including data collection, in accordance with Statement of Applicability".

    Penetration tests:

    Statistics Denmark has a number of penetration tests carried out each year, where external experts attempt to find vulnerabilities in the technical shell security of systems and access points. This leads to continuous focus on updating to the latest versions of web-facing technologies and security in the firewall. Daily monitoring is in place for external penetration attempts, and there is ongoing surveillance of network traffic in the firewall and associated systems.