Presentation is loading. Please wait.

Presentation is loading. Please wait.

ScHARR Bite Size Research Ethics and GDPR: legal requirements for research - what you need to know.

Published byReynard Dean Modified over 6 years ago

Similar presentations

Presentation on theme: "ScHARR Bite Size Research Ethics and GDPR: legal requirements for research - what you need to know."— Presentation transcript:

1 ScHARR Bite Size Research Ethics and GDPR: legal requirements for research - what you need to know

2 GDPR – General Data Protection Regulation
There is a 4% turnover fine for non-compliance which would be a huge financial loss for the University. In research, the GDPR requirements are applicable to ‘Personal Data’ – structured information about or relating to a living person which is identifiable.

3 Transparency You must inform your participants of the following…
The legal basis for processing their data. Who the Data Controller is. Their right to contact the Data Protection Officer and ICO to complain regarding the use of their data. Detailed information on how their data will be used including: - who will have access to the data - where will it be stored - when will it be destroyed. The above information should be included in the online ethics application form and the participant information sheet.

4 Legal Basis for processing data
The legal basis for research is usually ‘a task in the public interest’. However, if Special Category data is being used, you must additionally state that the legal basis is also ‘necessary for archiving, research or statistics’ Special Category Data is potentially sensitive information such as: Race/ethnicity, political opinion, religious/other beliefs, trade union membership, sexuality/sexual activity, criminal records/allegations, genetic data, biometric data and (especially relevant to ScHARR)…HEALTH!

5 Data Controller The Data Controller is the organisation which determines the purposes and means of processing personal data. This would usually be The University of Sheffield If you are collaborating on a project with another institution you would need to agree who will be named as the Data Controller and document this in the collaboration agreement.

6 Right to complain about the use of data
Anne Cutler is The University of Sheffield Data Protection Officer (DPO). Complaints about the handling of personal data should be directed to Anne in the first instance at: If the participant is not satisfied with how their complaint has been handled, they may then escalate the matter to the ICO (Information Commission Office).

7 How data will be used Will the data be identifiable, anonymised or pseudonymised and at which points in the research process will it take these forms. Who will have access to the data – state that members of the research team will have access and explain any collaborators who may have access. Where will the data be stored – in an access restricted folder in the University’s Shared Networked Filestore. When will the data be destroyed – the data should be destroyed as soon as it is no longer required for the research.

8 Ongoing Projects If your project is continuing data collection which started prior to the 25th May, you must provide participants with the required information if you have not already done so. If the only data you need to provide is the Data Controller, How to complain and Legal Basis, you may send the information via or a letter at the next opportunity, such as when contacting participants to collect data. Please send a copy of the communication you have sent to to file in our records. However, if more significant changes required to adhere to GDPR, for example, you had not already told participants who would have access to data, where it would be stored and when it will be destroyed, you will need to send a formal amendment request to to send out a more comprehensive communication to participants.

9 Using existing data GDPR requirements do not apply if:
Data is obtained from a 3rd party AND Data is pseudonymised and only non-identifiable data will be used for the research AND It is either impossible or a disproportionate effort to contact participants OR providing information would either impair the research or make it impossible. Existing data – if data was anonymised in the original project, this is not personal data. There must be either original consent for use in future research and to share with others or you will need to contact the participants again for consent unless the data is from a 3rd party or non-identifiable.

10 NHS The Data Controller is likely to be the Healthcare Research Governance Sponsor. Consult the HRA webpages for guidance standards-legislation/data-protection-and-information-governance/

11 Key Messages Use the information sheet and consent form templates on the ScHARR ethics webpages. Consider the future uses of data from the outset, consent must be given to contact the participant in the future, publish, use data in future research and be shared with others. Anonymise or pseudonymise the data as quickly as possible As Supervisors, ensure your students ethics applications adhere to GDPR regulations! Check the Research Services webpages for further guidance and updates

Download ppt "ScHARR Bite Size Research Ethics and GDPR: legal requirements for research - what you need to know."

Similar presentations

Data Protection.

Data Protection.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.

Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.
IM NETWORK MEETING 20 TH JULY, 2010 CONSULTATION WITH 3 RD PARTIES.

IM NETWORK MEETING 20 TH JULY, 2010 CONSULTATION WITH 3 RD PARTIES.
Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:

Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:
Sharing Information Legally Lindsay Ould London Borough of Lewisham.

Sharing Information Legally Lindsay Ould London Borough of Lewisham.
Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.

Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Tony Sheppard Mobile Guardian

Tony Sheppard Mobile Guardian
Key changes with the GDPR

Key changes with the GDPR
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
Processing for archiving purposes in the GDPR

Processing for archiving purposes in the GDPR
Issues of personal data protection in scientific research

Issues of personal data protection in scientific research
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
GDPR – What’s it all about???

GDPR – What’s it all about???
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
Data Protection The Current Regime

Data Protection The Current Regime
General Data Protection Regulation

General Data Protection Regulation
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
GDPR Overview Gydeline – October 2017

GDPR Overview Gydeline – October 2017

Similar presentations

Ads by Google