Article Text
Statistics from Altmetric.com
Overview
Researchers should ensure data processing is lawful, fair and transparent, and adheres to the 5 Rs:
Respect personal data.
Reduce data collected.
Restrict access to data.
Review and delete data.
Remove identifiers if possible.
In order to use personal data for research, both the legal basis General Data Protection Regulation (GDPR) and the ethical basis (informed consent) need to be satisfied. Good research practice already meets most GDPR regulations. GDPR does permit ‘big data’ research, where this methodological approach is necessary and in general facilitates the conduct of research.
In the case of research, data subjects are usually the research participants and data controllers are the researchers (but could include, for example, the clinical trials unit). If in doubt, contact your local data protection officer.
The key relevant changes brought by the GDPR to research include its
Wider global scope. GDPR covers
The data of all European Union (EU) residents, regardless of location of processing.
The processing of any data within the EU, regardless of the country of origin of the data.
Broader definition of personal data with pseudo-anonymised data included.
Broader definition of special category data with biometric and genetic data included.
Need …
Footnotes
Twitter @m_heys
Contributors MH wrote the first draft of the paper. RLS edited content. Both authors approved final content for submission.
Funding This study was funded by National Institute for Health Research.
Competing interests None declared.
Patient consent for publication Not required.
Provenance and peer review Commissioned; internally peer reviewed.