Personal data used for research purposes must be used in accordance with the General Data Protection Regulation (GDPR) 2016 and Data Protection Act (DPA) 2018.
The above legislation sets out specific obligations for:
- informing participants about how their data will be used, shared and retained, as well as their rights
- Minimising the use of personally identifiable data wherever possible
- Having in place safeguards to protect the data of research participants
All research using human subjects, human samples (however obtained) or human personal data to be undertaken in the University, or under the auspices of the University, however funded, cannot be carried out without the approval of the University's Research Ethics Committee.
Heads of School are responsible for having procedures in place within their School that identify and review all projects that might fall within the Research Ethics Committee's terms of reference, as described inResearch ethics. However, the Research Ethics Committee will not consider the data protection aspects of a project so the following data protection guidance notes have been prepared to help researchers to deal with data protection issues. These should be read in conjunction with the University's guidance onResearch ethics and the Quality Assurance in Research website.
