To encourage non-biomedical research projects conducted at UPF to fulfil basic ethics and personal data protection requirements, CIREP has established the following procedure:


Step 1. Review Application Reception

CIREP receives a complete application, which contains the following documents.


1.1. Self-Assessment Ethics Checklist - mandatory

The ethics and personal data protection checklist helps the principal investigator (PI) determine whether a project must be submitted to review and the accompanying information and documentation that needs to be provided (including whether a DPIA is needed, see 1.3).


1.2. Protocol Form - mandatory

In the protocol form one must describe the research objectives, methods, participants, recruitment methods, personal data processing strategies, and other ethical aspects of the project.


1.3. Data Protection Impact Assessment (DPIA) Form - if applicable

Exceptionally (if indicated in the checklist), the DPIA form will have to be filled out.


1.4. Informed Consent - if applicable

The informed consent document describes the participation in a clear and intelligible manner so that potential participants can make an informed decision whether to participate or not.


Step 2. Prescreening

Before registering the new application, CIREP checks that the PI has completed the research ethics and personal data protection training, that all the documentation provided is complete, and that the information included is sufficient to evaluate the project. In the prescreening phase, PIs may be required to provide additional information.

If the PI has not completed the online training, they will be asked to do so before their application is processed.


Step 3. Ethics Review

After the application has been checked and registered, it is sent to the Committee members, a coordinator is assigned, and the review process, which includes different steps, is initiated.


3.1. External Peer Review

Apart from the evaluation by a CIREP member, another independent peer review is requested from an expert in the relevant field. The external peer reviewer examines all the documentation and fills out the external peer review form.


3.2. Personal Data Processing Review

If the project involves processing personal data, an expert in these matters reviews its adequacy to the relevant regulations and provides an independent assessment.


3.3. Integrated Review

The coordinator combines the different reports into an integrated review draft, which includes recommendations and requests that PIs need to address. The draft is shared with all the Committee members.


3.4. Discussion

CIREP members meet on a monthly basis and discuss all the applications. As a consequence, a decision on the ethics and personal data review is reached and a final version of the integrated review is produced.


3.5. Adaptations

The integrated review is sent to the IP, who has to revise and resubmit their original application within two weeks. 


3.6. Final Decision

The Committee evaluates the revised documentation. At this point, most applications are approved, although some applications require further revisions.


Step 4. Approval

An ethics compliance certificate is issued. In addition, in case of UPF projects that involve personal data processing, a personal data certificate is also expedited and signed by UPF’s Data Protection officer.

CIREP does not review research projects retroactively. Thus, researchers need to apply for ethical review before they start their project.


The meeting calendar and tentative application submission dates are listed here. The estimated duration of an ethics and data protection review procedure for new applications is 12 weeks. An expedited procedure may be available for applications following the approved BESLab protocol, minor modifications of protocols previously approved by CIREP, validation of protocols approved by other research ethics committees, and funded projects with a duration under 12 months.  


Modifications to approved protocols must be reported to CIREP, which may need to review them again. If you need to introduce changes to a protocol approved by CIREP, please notify the Committee at [email protected] by resubmitting the approved documents with the changes you would like to introduce clearly marked. You should notify your intention to introduce changes before you actually implement them.