The Health Research Authority (HRA) operational guidance has been produced for researchers and study coordinators on the implications of the GDPR for the delivery of research in the UK.
It has been prepared in collaboration with a range of stakeholders, and reviewed by the Information Commissioner’s Office. The HRA is the body nominated to publish guidance on the implementation of the General Data Protection Regulation and Data Protection Act 2018 for health and care research.
In most cases the impact on individual research projects will be limited. This guidance is aimed specifically at researchers and study coordinators managing individual research projects, and will therefore be of interest to site and sponsor research managers supporting them.
The HRA has also published separate briefing notes relevant at an organisational level for NHS R&D offices, university research offices, company senior managers, Data Protection Officers (DPO), or information governance leads / security architecture leads.
For more details see the HRA website.
Note: In this guidance, NHS is used to also refer to HSC organisations in Northern Ireland.