The General Data Protection Regulation (GDPR) and Data Protection Act 2018 came into force on 25 May 2018 in the UK. The resources below will help you understand the new requirements as they relate to research. We will add more as we clarify things with the Information Commissioner’s Office (ICO). All of our GDPR guidance notes have been developed in consultation with the ICO.
- GDPR: Key facts for research (PDF, 112KB) - MRC, HRA, ICO and other stakeholders dispel some misconceptions
- GDPR: What do I need to do? - Answers to some of your frequently asked questions. We will add to this resource over time.
- GDPR Guidance note 4: Public interest, approvals and 'technical and organisational measures' (PDF, 63KB)
- GDPR animation: Likely lawful basis for research
- GDPR: What researchers need to know – Our blog post for researchers.
- GDPR Guidance note 3: Consent in research and confidentiality - covering the likely lawful basis for research, consent in research (and confidentiality) as well as England's national patient opt-out programme
- GDPR preparation: Guidance note 2 is now withdrawn, Guidance Note 3 supersedes it. Guidance note 1 (PDF, 55KB) - know what personal data you hold includes definitions from the old 1998 Data Protection Act
- Health Research Authority's GDPR: Technical guidance - a revised and consolidated version of the official HRA briefing notes that we helped develop
- Information Commissioner’s Office webpages on GDPR - generic guidance for all organisations holding personal data (not necessarily research specific)