The Health Research Authority website uses essential cookies

This site uses session cookies and persistent cookies to improve the content and structure of the site.

By clicking “Accept All Cookies”, you agree to the storing of cookies on this device to enhance site navigation and content, analyse site usage, and assist in our marketing efforts.

By clicking 'See cookie policy' you can review and change your cookie preferences and enable the ones you agree to.

By dismissing this banner, you are rejecting all cookies and therefore we will not store any cookies on this device.

See cookie policy

GDPR guidance for researchers

Last updated on 31 Jan 2018

UPDATE: The latest GDPR guidance can now be found here.

The rules for handling information relating to research participants will change on 25 May 2018, when the new EU General Data Protection Regulation (GDPR) comes into force.

The HRA has published detailed guidance about operational arrangements that researchers and organisations may need to put in place. 

The guidance is published as a living document that will be updated over the coming weeks. We will update this page as updated versions are published.

We expect that for most existing studies, if you follow our guidance, you will not need to submit amendments for approval. 

Our guidance will help you to make the necessary changes as non-notifiable, non-substantial amendments in the vast majority of cases. 

We have previously published a suite of technical briefing documents for Data Protection Officers (DPO), research managers, information governance leads, security architecture leads, or equivalent in institutions undertaking or supporting health and care research.


Back to news and updates
© Copyright HRA 2024
Site by Big Blue Door