Information Governance and Security
- / Information Governance and Security /
- Information Governance /
- Information Governance For The University /
- Information Governance Roles & Contacts /
- Researcher - Student
Toolkit - Student Researcher
If your research project does or is likely to collect and process peoples Personal Data (and/or Sensitive Personal Data), then you will must consider and comply with the data protection requirements. Considering any data protection implications at the easliest opportunity is both a legal obligation under General Data Protection Regulations (GDPR) and obvioulsy makes it much easier to make necessary changes to your project design.
Remember, we not only have a legal obligation to comply with data protection law (and there can be both university and individual criminal offences associated with breaches of data protection law and well as significant financial penalties for the university), but we also have a moral responsibility to our research subject to ensure that we treat them fairly and look after their private information. In addition both the universities reputation as a research organisation, and your reputation as a research professional is at risk!
Determine whether you are dealing with Personal Data and/or Sensitive Personal Data (see Data Protection Guidance below for more information)
Clearly define the purpose for collecting the data which will lead to determining what personal data you will require (and what you don't require). This will help to determine the the 'Purpose Limitation' and 'Data Minimisation' required under data protection legislation. (See Data Protection Guidance below)
Determine what your legal basis for each processing activity will be (see Guidance below)
Conduct a Data Protection Impact Assessment (DPIA) to highlight personal data risk and identify suitable mitigation / risk reduction measures - see guidance below
Review the DPIA with the Data Protection Officer and implement recommendations. Repeat DPIA if necessary.
See also the Research Support wwebpages at https://www.keele.ac.uk/research/raise/governanceintegrityandethics/
Guidance on specific areas
Conditions for Processing
Detailed guidance on how to decide on the correct 'Condition for Processing' under GDPR
Data Subject Consent
Detailed guidance on how to obtain and record consent to process personal data under GDPR
Detailed guidance on drafting Privacy Notices as part of complying with transparency requirements under GDPR