...
Of course also the AAI itself will use and generate personal data as part of providing access to services. This is not the kind of data that usually leads to specific risks, as long as you follow the REFEDS Data Protection Code of Conduct. And of course if you engage platform providers for your AAI make sure these follow the REFEDS good practices as well.
Beware also of data-level access control, and how to work with replicated data. This usually needs a data access management system, such as the Resource Entitlement Management System (REMS), a tool for managing access rights to data and datasets.
When risk assessment is absolutely critical
...
...
Does your collaboration work with human, societal data, or collects questionnaires? Is your research likely to be classed as dual-use or export restructured? Does the research, or your collaboration users, touch on knowledge safety? Is approval by medical/ethical commissions needed? Are you dealing with biodiversity or genetic resources subject to the Nagoya Protocol? Do a specific risk assessment or ask your institution for guidance.
...