The Data Protection Act (2018) (and the General Data Protection Regulation (2016) which is part of the Act) makes clear that anyone getting and using Personal Data&rsquo on behalf of an organisation (such as ARU) needs to comply with the law.
This guidance is designed to help you to think through how your research project will best comply with the law, and if you’re applying for Ethics approval, this will help you decide whether you can confidently ‘declare’ that your project with comply with the law on your application form.
Please read the statements on the checklist carefully before being able to declare that you comply. If you aren’t sure how the statements apply to your research project click on the links under each heading for further guidance.
If you are also going to be using Special Category Data or data which identifies over 100 individuals, please also complete the ‘Further Data Protection Questions’ form.
If you do not think you can comply with those requirements that are relevant to your research, please discuss with your Course Tutor in the first instance.
There is also guidance on anonymisation and pseudonymisation to help you understand what needs to be considered when trying to remove or hide someone’s identity in your data.
Finally there’s information about ARU’s approach to research personal data obtained before GDPR came into force.