skip to content

Research Integrity

 

This page provides detailed guidance on the University of Cambridge’s expectations for researchers whose academic research involves the processing of personal data. Researchers who regularly carry out research projects using personal data are advised to familiarise themselves with this guidance. 

Researchers seeking an introduction to the main points of the guidance can read the one page 'Quick Guide' developed to accompany the full guidance. For ease, the UREC-approved criteria of very high risk data processing (detailed in section E) can also be accessed in the link below.

The quick guidance is not designed to be comprehensive and should be read alongside the full guidance, to which it refers.

The full guidance is divided into sections as follows:

  • Defines personal data and explains where data protection considerations will not apply at all in a research context (Section A).
  • Outlines the standard requirements for organisations processing personal data – in terms of adherence to the data protection principles, the various data subject rights, and organisational accountability requirements (Section B).
  • Outlines the two sets of exemptions from these standard requirements for academic research – setting out how and when the requirements don’t apply (Section C).
  • Explains how these two sets of exemptions work in practice for academic research projects of various types – including guidance about when and how to deploy documentation for research participants, data management plans and data security measures (Section D).
  • Summarises how data protection considerations (and the exemptions) interact with research ethics (Section E)
  • Summarises how data protection considerations (and the exemptions) interact with the separate law of confidentiality, especially in a medical research context (Section F)
  • Provides detailed guidance on writing Participant Information Sheets (or equivalents), where required (Section G).
  • Provides detailed guidance on writing consent forms for research participants, where required (Section H).
  • Provides specific guidance on considerations regarding data sharing and re-use for research purposes, where applicable (Section I).
  • Links to selected further sources of advice and guidance (Section J).

This guidance is aligned with the legal requirements of the UK General Data Protection Regulation and the Data Protection Act 2018.

This guidance is designed to be generally applicable across the University. However, given that issues raised by academic research vary across disciplines, it should be read alongside guidance produced locally (by Department, Faculty or School). Researchers requiring Health Research Authority (HRA) approval must comply with HRA guidelines as well as University and legal expectations. Links to local and HRA guidance are provided at the end of this page.