As researchers, we gather information from people through observation and by interviewing them about personal, often sensitive, issues. During this process, we collect ‘personal data’ which makes a person potentially, directly or indirectly, identifiable. Personal data includes:
- Date of birth
- Identification number
- Telephone number
- Location data
- Special characteristics which express the physical, physiological, genetic, mental, commercial, cultural or social identity of a person. (For more information see: Link)
Every person has the right to privacy and anonymity by law. As researchers, we therefore have to ensure the data protection of all our study participants. How we do this is set out in the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). The regulation has been created by the European Union and adapted for the UK context. GDPR consists of eight key principles:
- Lawfulness, Fairness, and Transparency – You must tell the participant through privacy notices, consent and contracts who is working with their data and what is being done with it.
- Purpose Limitation – You can only use the data for the purpose for which it was collected.
- Data Minimisation – Researchers must only collect and use data that is needed for the research being undertaken.
- Accuracy – You must keep data up-to-date and accurately. Any inaccuracies should be fixed.
- Retention – You should only keep data for as long as it is required to finish the research. It is the responsibility of the researcher to delete all data relating to their project in line with the retention schedule.
- Safe and Secure – You must implement measures to protect against security breaches or the unlawful processing of personal data.
- Accountability – You must keep a record of how any data is processed. It is important that the researcher considers why and how the data was originally collected, as well as the data’s security.
- Subject Rights – Researchers must give participants a copy of their data when requested, and uphold their rights and freedoms under GDPR.
(Author: Hanna Kienzler & Bwalya Mulenga)