You may have heard that there has been a recent change in the UK’s data protection legislation. As part of this, we’ve updated the ‘privacy and data protection’ FAQs on the study website with more information about GDPR. Please do get in touch if you have any queries or concerns.
The key information is included below:
What is GDPR?
The General Data Protection Regulation (GDPR) came into law in May 2018. It sets out the duties and responsibilities we have to you when we process and use your personal data, and your rights regarding the personal data that we hold and process. The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018) which also came into law in May 2018.
What does this mean for you?
Next Steps is funded by the Economic and Social Research Council (ESRC) and managed by the Centre for Longitudinal Studies, which is part of University College London (UCL). The purpose of the study is to generate data for research purposes. UCL is the ‘data controller’ for the study, and as both ESRC and UCL are Public Bodies, the lawful basis under GDPR on which we are permitted to process your personal data is regarded as the performance of a public task. The study is voluntary and you have the right to withdraw at any time.
It is important to us that your personal data is secured and protected in the strongest possible manner. To achieve this we comply with all the relevant legislation on protection of confidentiality and we have received externally certified accreditation to the NHS Digital Information Governance Toolkit standard.