Overview

The General Data Protection Regulation (GDPR) requires organizations to keep a detailed inventory of the data they collect from individuals. This can be tricky for research institutes, where researchers often organize their work with a high degree of autonomy.

Castellum addresses this by acting as a centralized repository where researchers share information about the individuals from whom they’ve collected data. It also tracks recruitment consent, helping you to build a valuable pool of participants for future research projects.

Screenshot of the castellum start page

Features

GDPR Compliance

Castellum is a central place where researchers share details about the individuals they’ve collected data from, making it easy to handle requests for access or erasure.

Pseudonym service

Contact details are stored in Castellum so research data can be stored with pseudonyms instead.

Recruitment

Find potential participants from an existing pool using study specific filters.

Appointments

Manage appointments for test sessions or let participants pick themselves.

What Castellum is not

Castellum itself is not meant to store any scientific data. It only stores information about which studies a subject has participated in as well as the corresponding pseudonyms.

Note

There are only two notable exceptions to this rule: Study participations and recruitment attributes both contain traces of research data, but are required for the recruitment process.

Which features get integrated?

We often found it difficult to decide on levels of integration. Therefore, we want to provide some guidelines for future developers that should be considered before adding a new feature to Castellum:

  • Can the feature be decoupled from communication with subjects? For example we decided to integrate recruitment because it cannot be decoupled.

  • Would the new feature introduce different staff members (user groups) who would use Castellum only for this reason? For example, we decided against integrating a public relations view on current studies as it would have introduced staff members who otherwise have nothing to do with subject data.

  • Are there well established processes or tools that do not need to be replaced? Examples might include calendars or room management.

  • Are there established protocols to interface with the existing services instead of reimplementing them? For example, Castellum supports authentication via a central LDAP service.

  • Is it acceptable for users to integrate with external processes manually? For example, a pseudonym generated by Castellum would usually be entered into a MRI device by hand.

  • Is the feature preventing us from addressing the various needs of different research institutes?

Rather than applying these questions as strict rules we try to balance them within the process of reaching a decision.

Installation

Full installation instructions are available in the project repository.

Contact