Records Management

Research and the General Data Protection Regulation

Guidance on research and data protection legislation.

The General Data Protection Regulation (GDPR) along with the Data Protection Act 2018 (DPA) sets out how personal data and privacy should be managed. The legislation applies to any research project which processes personal information. This also applies to research outside the UK that the University is involved in.

Undertaking research in an ethical, fair and lawful manner complies with the requirements for data protection legislation and must start prior to project approval by incorporating data protection and privacy into the research planning process. This guidance is intended to assist researchers with this.

There is an online training module on LEARN about research and data protection. All researchers and research students should complete this training.

Data protection training

About this guidance

Version control



Edits made


Data Protection Officer

26 June 2018

Version for web created by DICM.

3 RASO 22/02/2019 Link to training added
4 DPO/RASO 14/06/2019 Research under GDPR updated and forms added.
5 ADPO 14/11/2019 Updated to version 6