Data protection laws apply to any processing of personal data carried out by the University. This will include processing in the course of research activities. A suite of data protection guidance documents has been developed for researchers to support the University's compliance with data protection legislation.
Current key relevant UK legislation:
- The UK General Data Protection Regulation (UK GDPR)
- The Data Protection Act 2018 (DPA 2018)
- The Privacy and Electronic Communications Regulations 2003 and 2011 (PECR)
- The Freedom of Information Act 2000 (FOIA)
- The Environmental Information Regulations 2004 (EIR)
Where researchers have collaborative partners based in an EEA country or are undertaking research with EEA participants, the EU GDPR is also likely to apply. Other countries outside the EEA have data protection legislation that may be applicable to some research projects. The Information Governance team will assist as far as possible where non-UK laws apply but may need some external advice on legislation in other jurisdictions. Transferring personal data outside the UK and EEA also usually requires us to have additional safeguards (e.g., additional legal agreements) in place.
Researchers can access full guidance, including Data Protection Impact Assessment (DPIA) screenings and templates here (internal access only)