Familiarise yourself with the information below - these are the actions you can take now

Health and social care research data

Review external guidance

Get to know the key changes

  • Genetic and biometric data are now included in scope for GDPR and may fall under the ‘special category’ group of data (previously known as sensitive personal data)
  • ‘Pseudonymised’ data can also be considered personally identifiable. Please see a FoM agreed definition – the key is to understand how easy it will be to re-identify data subjects, where the key is kept, and how access is controlled.
  • Transparency - there is a requirement to ensure a clear and easy-to-follow privacy notice is available to participants. Find out more from the HRA on transparency. The College also offers guidance on its privacy notices page.
  • Sharing data outside of EEA and/or accessing EEA data from overseas - find out more on the College's sharing personal data web page.

Consider existing studies

  • Do you have a privacy notice for the studies? The privacy notice needs to be updated to include your legal basis for data processing. Please see the HRA guidance on transparency. The Joint Research Compliance Office will be communicating with CIs/PIs regarding this.
  • Is your Patient Information Pack up to date? Does it refer to Data Protection Act 1998? For HRA-approved consent, any changes to update references to legislation are non-notifiable and non-substantial but you will need to provide a privacy notice (transparency information). Please see the HRA guidance on consent.
  • Do you have historical studies which should be archived? Discuss your requirements with ACRU (acru@imperial.ac.uk).
  • Is your data secure? Find out more from the Be Secure guidance.

Register your data

Dr Izabela Piotrowska, FoM GDPR Projects Coordinator, is working with research groups identified as priority foci (through analysis of responses to a FoM GDPR Risk Assessment survey that was sent to line managers in March).

She is registering existing datasets associated with active research projects and producing action reports for groups to assist with addressing gaps in the management of existing data related to GDPR.

Please make yourself and/or your staff available to register datasets when contacted.


Seminars with our GDPR Project Coordinator

The Faculty GDPR Project Coordinator, Dr Izabela Piotrowska, will be available to provide short seminars with guidance on how to implement GDPR in medical research. Please contact her directly to arrange for her to attend one of your team meetings (i.piotrowska@imperial.ac.uk).