Welcome to the MRC Regulatory Support Centre list of frequently asked questions about the General Data Protection Regulation (GDPR). We will add to these questions and answers as issues arise and information becomes available that you may find useful.
We’d like to know if you find these FAQs useful, so please feedback your thoughts to: email@example.com
You can also find other useful guidance in our GDPR resources.
Please select the headings below to find out more:
- NEW - I have a database that I’ve been using to support my research for years. I never got GDPR compliant consent from my participants. Do I have to delete it now that GDPR is here?
- NEW - I think my supervisor / Principal investigator should be the Data Controller for my study. Is this right?
- NEW - I’ve been told that GDPR is going to stop all ‘big data’ studies. Is this right?
- NEW - I keep hearing people talking about safeguards but I don’t understand what these are. Is there something I need to be doing?
- NEW - Are we likely to be found guilty of breaking the law as we don’t have everything sorted with our research data and we are passed 25th May 2018?
- Can I share data with colleagues now that GDPR is in force?
- What does GDPR mean for open data?
- How long can I keep research data, now that we have to comply with GDPR?
- Can we continue to identify potential research participants by screening medical notes in the era of GDPR?
- I don’t think I hold any ‘personal data’, as the only research data I see has no names or contact details in it
- Why are we told to pseudonymise our data, when you are telling me it is still classed as personal data?
- If my lawful basis is ‘task in the public interest’ (or ‘legitimate interests’), does that mean I don’t need consent anymore?
- I’ve been told I now have to re-consent all of my research participants because of GDPR. Is this right?
- I’ve been told that I have to re-consent all my research participants every 2 years because of GDPR. Is this right?
- I’ve been told that I have to re-contact all our past participants in a drug trial that closed 12 months ago. This is to ensure that we are compliant with GDPR, as we need to re-consent past participants if we intend to hold and analyse their data. Is this true?
- I keep hearing people talking about transparency but I don’t understand what it means. What do I have to do about transparency?