Researchers should adhere to data protection requirements when managing or sharing research data. However, the Data Protection Act applies only to personal or sensitive personal data, and not to all research data in general, nor to anonymised data.

The Data Protection Act 1998 was formulated in response to individuals' concerns about the amount of personal information - and the accuracy of such information - being stored, processed and passed on by organisations. It provides the legal basis for how organisations handle information relating to living people (personal data).

READ DEFINITIONS OF PERSONAL AND SENSITIVE DATA

What about data protection and sharing data?

Consider these things:

• Do you really need to collect personal data? Often information such as participants' names and addresses are collected for administrative purposes only and have no research value.  Not collecting personal data in the first place may make it easier to manage and share your data. Alternatively if they do need to be collected, for example, for follow-up interviews, they should be stored separately from research data.

• Inform your participants about use of personal data. All researchers must inform research participants about how any personal data collected about them will be used, stored, processed, transferred and destroyed. Personal data can only be disclosed if explicit consent has been given to do so, although there may be exceptions for legal reasons.

• Not all research data obtained from participants constitute personal data. If data are anonymised, for example with key personal identifiers removed, then the Act will not apply as they no longer constitute 'personal data'.

READ MORE ABOUT ANONYMISING DATA

READ WHAT TO TELL PARTICIPANTS

Read more about data protection:

• full text of the Data Protection Act 1998
• the government Data Sharing Review of the Data Protection Act 1998