If your research involves personal data, human participants or materials, you will require ethical approval before any data collection can begin.

Research involving animals in scientific procedures is overseen by the University’s Animal Welfare and Ethical Review Body.

See the University’s Research ethics pages for contacts and guidance on applying for ethical approval.

Use the University’s Research Ethics Decision Tool for guidance to determine if ethics approval is needed for your study.

When handling data that contain personal information, data protection rules apply. 

See the University’s Data Protection pages and Data Protection Policy for more information. 

Data Protection has created some guidance videos on GDPR for you:

GDPR for Researchers – Introduction

GDPR for Researchers – Principles

GDPR for Researchers - Consent 

In the UK, researchers collect, archive, and process data because processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the UK GDPR.

Before collecting individual’s personal data, you need to ensure informed consent is obtained. Consent will also need to be obtained if you wish to share pseudonymised or easily identifiable data.

The University provides guidance on obtaining participant consent as well as template information sheets and consent forms.

Withdrawl of consent

Individuals have the right to withdraw their consent and data. However, because you are collecting the data under Article 89(1), see above, you do not have to give individuals this right forever. You can give individuals a date, after which, as the data is to be anonymised or pseudonymised it would be too difficult or detrimental to the research to remove.

The period of withdrawal should be clearly stated on the consent form otherwise you cannot deny the right of the individual to withdraw. As well, if it would be relatively easy to remove the data and you have processes in place for this purpose, you cannot deny the individual’s right to withdraw.

If you are working with large amounts of personal or special category data, or your project involves working with sensitive issues you should complete a Data Protection Impact Assessment (DPIA).

It is best practice to have your Data Management Plan (DMP) completed before the DMPIA. The DPIA will also need to be attached to your ethics application.

The University’s Intellectual Property Policy outlines ownership of data created in the course of research carried out at the University. In most cases, the University owns data generated by researchers unless specified by a research funder or other contract, such as in the case of collaborative projects with external organisations or when using third-party or secondary data.

The University encourages researchers to make their data openly available where possible so ownership should not prevent you depositing your data in a research repository. See the section on Sharing your research data.

Exceptions to making data openly available include possibilities for patenting or commercialisation. If your research produces Intellectual Property (IP) contact The Enterprise Team for guidance on patents, commercialisation, and non-disclosure agreements (NDA).

If you are using secondary data or sources, Copyright may be owned by a third-party. You need to understand the terms and conditions in which you can use and reuse the data.

Consider the licence terms or data sharing agreements that outline conditions of use and reuse. If a data sharing agreement is not in place, consider using one. Contact Research Contracts for support.