The General Data Protection Regulation (GDPR) and Data Protection Act 2018 came into force on 25 May 2018 in the UK. The resources below will help you understand the new requirements as they relate to research. We will add more as we clarify things with the Information Commissioner’s Office (ICO). All of our GDPR guidance notes have been developed in consultation with the ICO.
- GDPR and Data Protection Act 2018: Key facts for research (PDF, 112KB) - MRC works with the HRA, ICO and other stakeholders to dispel some current misconceptions
- GDPR Guidance note 4: Public interest, approvals and 'technical and organisational measures' (PDF, 63KB)
- GDPR animation: Likely lawful basis for research
- GDPR: What researchers need to know – Our blog post for researchers.
- GDPR Guidance note 3: Consent in research and confidentiality - covering the likely lawful basis for research, consent in research (and confidentiality) as well as England's national patient opt-out programme
- GDPR preparation: Guidance note 2 is now withdrawn, Guidance Note 3 supersedes it. Guidance note 1 (PDF, 55KB) - know what personal data you hold includes definitions from the old 1998 Data Protection Act
- Health Research Authority's GDPR: Technical guidance - a revised and consolidated version of the official HRA briefing notes that we helped develop
- Information Commissioner’s Office webpages on GDPR - generic guidance for all organisations holding personal data (not necessarily research specific)