Why does King’s College London use personally identifiable data for research?
As a university, we use personally identifiable data for world class research. When collected from research participants, we have to ensure it is in the public interest. This is because we are publicly funded. Any data you provide will be processed in accordance with the General Data Protection Regulation 2016 (GDPR).
Who is responsible for looking after my personal data?
Under GDPR, a data controller is responsible for handling personally identifiable data. They decide how and why the data is processed. At King’s College London, the data controller for research data is the university itself. For each research project, the Principal Investigator takes responsibility. They have to ensure that only the relevant research team has access to your personal data. The information sheet you are given will specify who they are.
What is the legal basis for the processing of my data?
The University will process your personally identifiable data for the purpose of the research. This will be specified by the information sheet you are given as part of the informed consent process. The legal basis for processing your personally identifiable data for research purposes, under GDPR, is a ‘task in the public interest’.
Researchers also have a common law duty and ethical obligation to gain explicit informed consent from you as a research participant for all aspects of the research. This includes the use of your personal data.
What are my legal rights as a research participant?
You have the right to be informed of the following:
- What data we collect from you.
- How we will ensure the confidentiality of your data.
- How long we will keep your data for, and whether it will be shared with anyone else.
Under GDPR, you have the right of access to any information we hold about you. You can ask for it to be corrected, erased and object to how it is processed. However, this might be restricted in some circumstances. These include compliance with legal obligations. Restrictions might also be applied for scientific research purposes. For example, this might be if the deletion of your data was seriously detrimental to the research.
In such circumstances, we may need to keep the information about you that we have already collected. However, the research team are required, under GDPR, to explain why these restrictions might be necessary before you agree to take part in the study. This is part of the informed consent process.
What If I am not happy with how my data is being handled?
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer, Mr Albert Chan firstname.lastname@example.org who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data in a way that is not lawful you can complain to the Information Commissioner’s Office (ICO) www.ico.org.uk