Data Protection Policy - Use of Personal Data in Research

The Data Protection Act 1998 sets down certain exemptions which allow personal data to be used for research purposes (including historical or statistical research), where the data were originally gathered fairly and lawfully for other purposes. Data collected for one purpose or piece of research can be used for other research, and can be kept indefinitely, provided the following conditions are met:

  • The data must be used solely for research purposes, and not for any other purposes (e.g. general administration) unless those purposes are the same as the purposes for which the data were gathered.
  • The data must not be processed to support measures or decisions in regard to particular data subjects.
  • The processing for research purposes must not cause, or be likely to cause, substantial damage or distress to data subjects. Closure of the data to outside access would be one way of helping to ensure this, as would anonymisation of research results.

Where the above conditions have been met, data retained for research purposes are exempt from subject access requests, provided the results of the research are not published in a form which identifies the data subjects. However, other aspects of the Data Protection Principles will still apply, such as the requirement to keep the data secure, and the requirement that the data should be processed fairly and lawfully.