• Home
• About Us
• How to Find Us
• For Patients & Public
  • Public Involvement in Research
  • How to get involved
  • How is your information handled in research
  • Research Project Information
  • Participant in Research Experience Survey
  • Useful Resources
  • News & Events
  • Get in touch
• For Health Professionals
• For Researchers
• For Industry
• Newsletters, Events & Campaigns
• News & Articles
• Contact Us

How your data is handled in research

A briefing on the General Data Protection Regulation for Research

The UK General Data Protection Regulation (GDPR) came into force on 01 January 2021.

It is supported by the UK Data Protection Act 2018.

They both have rules for using personal data for research purposes.

How does this affect health and care research? 

The legislation was developed primarily to respond to growing use of personal information for marketing, social media and profiling. It means important changes for those sectors in terms of the information that has to be provided to people about how their information will be used, and it sets a higher bar for the consent that has to be obtained for using people’s information or contacting them for these purposes.

Health and care research has worked within robust regulatory systems for many years and has set clear expectations about informing participants in research about how information about them is used.

This information leaflet explains how health researchers use information from patients:

Patient data and research leaflet - Health Research Authority (also available to download as a PDF here)

When Sheffield Teaching Hospitals NHS Foundation Trust is the sponsor for a Research study

As an NHS organisation we use personally identifiable information to conduct research to improve healthcare and services.

Health and care research should serve the public interest, which means that we have to demonstrate that our research serves the interests of society as a whole. We do this by following the UK Policy Framework for Health and Social Care Research. Research ethics committees review our research studies to make sure that the use of data about you is in the public interest and meets ethical standards.

When you agree to take part in a research study, the research team will collect the minimum information that can identify you needed to do the research project. This information will only be used in the ways needed to conduct and analyse the research study.

You have the right to ask us to remove, change or delete data we hold about you for the purposes of the study. We might not always be able to do this if it means we cannot use your data to do the research. If so, we will tell you why we cannot do this.

If you withdraw from the study, we may keep the information about you that we have already obtained.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data in a way that is not lawful you can complain to the Information Commissioner’s Office (ICO).

Our Data Protection Officer is Michael Maginnis and you can contact him at sth.InfoGov@nhs.net