Common data application forms to boost cross-border use of electronic health data within the European Union

WP7 - Regulatory and legal compliance

The Finnish Social and Health Data Permit Authority (Findata) led the Task for creating the forms for applying for electronic health data for secondary use: a data access application and a data request. The aim was to make user-friendly forms that would align with the EHDS Regulation proposal and GDPR requirements, accommodating variations across nodes. These forms are designed to provide health data access bodies with the necessary information about planned data use to assess applicants’ eligibility for data access permits. 

A data request form is used for requesting anonymous aggregated data that can be processed by the data user freely without specific security measures. A data access application form is used for applying for anonymised or pseudonymised personal-level data. Personal-level data can only be processed in a secure processing environment to ensure data protection of individuals.

The purpose of the forms is to provide enough information to the health data access body to assess whether an applicant can be granted permission to use the data. At the same time, it is important that the form is not too burdensome or complicated to fill in nor process.

These forms are based on the requirements outlined in the European Health Data Space (EHDS) Regulation proposal presented by the European Commission in May 2022, and also take into account the General Data Protection Regulation (GDPR).

Experience used as a basis for creating the forms
  • Findata’s own application forms served as the foundation for developing the forms, as they have gone through several iteration rounds and have proved to work well during Findata’s four years of operation. With more than 860 applications successfully received and processed at the time the development of the forms began, Findata’s experience provided a solid starting point.
  • The French, Norwegian, Danish and Belgian application forms were also used as references when defining the necessary elements for the common European forms.
Project partners supporting the work
  • The forms creation process included multiple rounds of comments among various project partners, ensuring everyone had the opportunity to contribute and suggest improvements.
  • Furthermore, Findata organised several workshops to delve deeper into the questions of the forms: Are they necessary for evaluating whether a data permit can be granted or not? Do they provide relevant information for the health data access bodies handling the applications? Are they clear from the users’ perspective?
  • The Participants shared practical experiences as data  users, application processors and legal experts, refining the form accordingly.
About the process
  • Besides formulating the questions, the Task force suggested a format for each question, determining whether it should be structured with predefined answer options or an open question with a free-text response field.
  • Furthermore, the Task force designed the form questions to dynamically adjust based on the applicant’s selections and answers. A comprehensive report was prepared to accompany the forms, detailing the context of the task, outlining the methodology used in creating the forms, explaining each section of questions, and providing recommendations for implementation and further development of the forms.

To learn more about the Common data application form: D7.1 Common Data Access Application Form and accompanying report


  • Peija Haaramo, Chief Specialist, Findata,
  • Sofia Marin, Project Officer, Findata,