The General Data Protection Regulation (GDPR) and Data Protection Act 2018 came into force on 25 May 2018 in the UK. The resources below will help you understand the new requirements as they relate to research. We will add more as we clarify things with the Information Commissioner’s Office (ICO). All of our GDPR guidance notes have been developed in consultation with the ICO.
- GDPR animation: Likely lawful basis for research
- Research, GDPR and confidentiality quiz - test yourself with our quiz
- Research, GDPR and confidentiality – what you really need to know - 10 bite-sized modules accompanied by supplementary resources
- GDPR Guidance note 5: Identifiability, anonymisation and pseudonymisation (PDF, 692KB). The guidance will be enhanced with examples following our workshop on Safe Sharing of Research Data.
- GDPR: Key facts for research (PDF, 149KB)- dispels misconceptions
- GDPR: Answers to some frequently asked questions (FAQs)
- GDPR Guidance note 4: Public interest, approvals and 'technical and organisational measures' (PDF, 136KB)
- GDPR Guidance note 3: Consent in research and confidentiality - covers lawful basis and England's national patient data opt-out programme
- Guidance note 2 was superseded by guidance note 3
- Guidance note 1 (PDF, 403KB) - know what personal data you hold
- HRA GDPR: Technical guidance for DPOs and IG leads
- HRA guidance for researchers and study coordinators
- ICO webpages on GDPR - not necessarily research specific
- UKRI: GDPR and Research – An Overview for Researchers Developed with us and ESRC, supported by the ICO.
- GDPR: What researchers need to know – our blog post for researchers
- Andy Boyd highlights the threat to research from over-cautious interpretation of data protection legislation
You can find out how the MRC Regulatory Support Centre uses the personal data we hold in our privacy notices below: