Data Protection and Research
Data Protection is ‘intended to serve as a safety net for individuals whose data are needed to support science’ (European Data Protection Supervisor opinion).
Researchers must assess and manage the data protection risks of their research projects.
Such risks can be higher, if the research focuses on more sensitive topics such as: political or religious views, mental or physical health, race or ethnicity, sexual orientation etc.
All researchers using personal data for their research, must be aware of and comply with EU and national data protection law: the EU General Data Protection Regulation 2016 (‘GDPR’) and Data Protection Acts 1988-2018.
Researchers working with children and young people may find this toolkit developed by PPI ignite useful.
All researchers must successfully complete the College Data Protection Training Module on Data Protection and Cyber Security . This requirement applies to all staff, including those who have previously completed data protection training ( before 2025).
All researchers should familiarise themselves with the College Data Protection Policy and the accompanying Handbook.
Researchers carrying out health research must also comply with the Health Research Regulations 2018 including the 2021 Amendments to the Regulations. Further detail on the amendments is available here.
Researchers working with participants recruited from the HSE ( Staff or patients) need to familiarise themselves with the HSE Policy on Consent.