This section is intended to highlight some of the issues that researchers may need to consider at different stages of their project. It is extremely difficult to highlight all of the issues which may arise during the course of every project and, accordingly, this section does not purport to be exhaustive.
If researchers are collecting personal data directly from individuals, has consideration been given to the conditions for processing and the provision of the prescribed information?
If researchers are using a third party to collect or process personal data on their behalf (a data processor), they need to get advice from Research Services to enter into an agreement with that third party to ensure the information is processed in accordance with the University’s legal obligations.
If researchers are obtaining personal data from a third party, they should seek assurances about the information in accordance with the University’s obligations.
It is important to note that if you are relying on the consent of the individuals to process any personal data, you will need to see those consents – third-party assurances alone will not be sufficient, although the ICO may take them into account in any enforcement action.
Have researchers considered appropriate security measures and implemented a policy for handling personal data?
If researchers are intending to share access to personal data, then they are required by law to enter into a written agreement with those parties, setting out the conditions on which the data is made available.