skip to content

Academic research can rely upon certain exemptions from compliance with various parts of data protection legislation if certain conditions/safeguards are met.  The ways in which these exemptions work is complicated.

A preliminary guidance document is available; this will be supplemented in due course.

It should be noted that compliance with data protection legislation, and the application of the exemptions as appropriate, is only one aspect of carrying out academic research legally and ethically.  Other legal and ethical requirements and standards - including the need for ethical review - will vary between disciplines, and further guidance is provided by the Research Office.  For medical research studies in particular, researchers should be aware of the importance of the common law duty of confidentiality when using patient records - this common law is separate from data protection legislation, any will often require the consent of the patient.

On occasion, research project funders (especially EU funders and their ethical reviewers) ask researchers to supply them with a letter in the name of the University's Data Protection Officer confirming that their project methodology conforms to data protection legislation.  Any researchers who are asked to supply such a letter should contact the Information Compliance Office.