This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.

Find out more here.

GDPR guidance for researchers

Last updated on 31 Jan 2018

UPDATE: The latest GDPR guidance can now be found here.

The rules for handling information relating to research participants will change on 25 May 2018, when the new EU General Data Protection Regulation (GDPR) comes into force.

The HRA has published detailed guidance about operational arrangements that researchers and organisations may need to put in place. 

The guidance is published as a living document that will be updated over the coming weeks. We will update this page as updated versions are published.

We expect that for most existing studies, if you follow our guidance, you will not need to submit amendments for approval. 

Our guidance will help you to make the necessary changes as non-notifiable, non-substantial amendments in the vast majority of cases. 

We have previously published a suite of technical briefing documents for Data Protection Officers (DPO), research managers, information governance leads, security architecture leads, or equivalent in institutions undertaking or supporting health and care research.


Back to news & updates