You are here

Article Text

Article menu
Download PDFPDF
Guideline review
General data protection regulation: What does this mean for research?
  1. Michelle Heys1,2,
  2. Rosalind L Smyth1
  1. 1 Population, Policy and Practice, UCL Great Ormond Street Institute of Child Health Library, London, London, UK
  2. 2 Specialist Children's and Young People's Services, East London NHS Foundation Trust, London, UK
  1. Correspondence to Dr Michelle Heys, Population, Policy and Practice, UCL Great Ormond Street Institute of Child Health Library, London, London WC1N 1EH, UK; m.heys{at}ucl.ac.uk

https://doi.org/10.1136/archdischild-2018-316055

Statistics from Altmetric.com

    Request Permissions

    If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.

    Overview

    Researchers should ensure data processing is lawful, fair and transparent, and adheres to the 5 Rs:

    • Respect personal data.

    • Reduce data collected.

    • Restrict access to data.

    • Review and delete data.

    • Remove identifiers if possible.

    In order to use personal data for research, both the legal basis General Data Protection Regulation (GDPR) and the ethical basis (informed consent) need to be satisfied. Good research practice already meets most GDPR regulations. GDPR does permit ‘big data’ research, where this methodological approach is necessary and in general facilitates the conduct of research.

    In the case of research, data subjects are usually the research participants and data controllers are the researchers (but could include, for example, the clinical trials unit). If in doubt, contact your local data protection officer.

    The key relevant changes brought by the GDPR to research include its

    • Wider global scope. GDPR covers

      • The data of all European Union (EU) residents, regardless of location of processing.

      • The processing of any data within the EU, regardless of the country of origin of the data.

    • Broader definition of personal data with pseudo-anonymised data included.

    • Broader definition of special category data with biometric and genetic data included.

    • Need …

    View Full Text

    Footnotes

    • Twitter @m_heys

    • Contributors MH wrote the first draft of the paper. RLS edited content. Both authors approved final content for submission.

    • Funding This study was funded by National Institute for Health Research.

    • Competing interests None declared.

    • Patient consent for publication Not required.

    • Provenance and peer review Commissioned; internally peer reviewed.

    Linked Articles