This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.

You can find out more here.

Data protection and information governance

Last updated on 18 Jun 2018

Currently applicable legislation

Legislation sets out when information about people can be processed for research and the safeguards that must be in place.

Resources

General Data Protection Regulation (GDPR)

The new EU General Data Protection Regulation (GDPR) came into force in the UK on 25 May 2018. The detail of its application in the UK is set out in the new Data Protection Act (2018).

For health and social care research, the new Regulation is not very different from the previous Act, and the Health Research Authority will not be adding to the existing effective safeguards. In particular, Research Ethics Committee (REC) approval and the legal gateway for processing confidential patient information on the advice of the Confidentiality Advisory Group (CAG)  will continue, as will the other common law provisions. A summary of the key changes for all data processing (not just research) is available from the Information Governance Alliance.

The Information Commissioner’s Office has published resources for GDPR preparation, but they are not specific to research. GDPR resources for the research community are available from the Medical Research Council.

The HRA has published guidance covering the GDPR

Our detailed guidance addresses operational arrangements that researchers and organisations may need to put in place.

We've also developed technical guidance intended for Data Protection Officers (DPO), research managers or information governance leads / security architecture leads, or equivalent. It may also be relevant for researchers. Some prior knowledge of terminology is assumed.

All guidance will be kept up to date in light of relevant national and European guidelines. As guidance becomes available, we will publicise it and link to it from this page. 

For further enquiries, please e-mail hra.queries@nhs.net.

Back to policies, standards & legislation