Privacy and Data Protection
This page contains information for project participants who agree to be interviewed as part of our research
What is this page about?
From May 25th 2018 the European General Data Protection Regulation (GDPR) comes into force. The new Regulation replaces and updates existing data protection laws. The GDPR applies to the UK and is not dependent on the ongoing negotiations over withdrawal from the European Union.
What does the GDPR mean for me?
Under the GDPR anyone whose data is collected and who can be identified from that data, either directly or indirectly, is considered a ‘data subject’.
Data subjects have a number of legal rights, including the right to know what data is collected about them, what it is being used for and who they can contact if they what more information or wish to make a complaint or raise a concern.
People who agree to be interviewed as part of the Biomodifying technologies project are contributing personal data and have rights as data subjects.
What does the GDPR mean for researchers working on the Biomodifying technologies project?
The GDPR will not change the way personal data will be processed by the project, but it introduces new rights for data subjects about the way we process their data.
This page describes what these changes are and what they mean for data subjects. This information is in addition to that provided in the Participant Information Sheets, which remains valid.
Organisations such as a company, hospital or university holding and utilising personal information about one or more data subjects are considered ‘data controllers’. Data controllers have a responsibility to guarantee the rights of data subjects whose data they are processing.
‘Processing’ means any operation performed on personal data or sets of personal data including (but not limited to) collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, or dissemination of that data. Research using interview data counts as ‘processing’.
Most institutions processing large volumes of personal data will have, or should soon appoint, a Data Protection Officer (DPO). The DPO can act as a point of contact for anyone wanting to know what data an organisation holds about them and what it is being used for.
Who is the Data Controller for the ‘Biomodifying Technologies’ project?
The University of Oxford, The University of Sussex and the University of York are all Data Controllers for this project.
This means each institution has responsibility for information collected, stored and analysed as part of this research project.