Sharing research data

Research data should only be shared when consideration has been given to the conditions of that sharing. This will normally require a Data Sharing Agreement, which will cover issues such as ownership and intellectual property, storage, transfer, security, archiving and disposal and use (including compliance with the law and with ethical permissions and publication). This relates both to UWE Bristol data shared with others, and data which is to be shared with UWE Bristol.

Do

• Think who you will want to access research data and what you will want to do with it before you design your participant information sheet and consent form, for example whether you will wish to archive the data for future re-use in some form. You will need to stick with what you have said here, so it is worth getting it right.
• Contact the Contracts team and make sure that appropriate agreements are in place prior to sharing data.
• UWE Bristol researchers should not share identifiable personal data, or accept personal data from others, if this is not permitted by the specific form of consent given by the data subject, and/or where that would contravene data protection legislation.
• Before data is shared, researchers must ensure that any third party will abide by UWE Bristol’s requirements.
• Make sure that if you are receiving any personal data from a third party, that they have the right to provide this to you, in both data protection and ethics terms.
• It is your responsibility to ensure that all collaborators or contributors outside of the University are aware of and comply with these principles. All such non-UWE Bristol staff accessing personal information must also sign a Data Processing Agreement (DPA) before they process UWE Bristol personal data.
• Restricted or confidential research data must only be processed on a UWE Bristol device, or by a third party (such as a collaborator, transcription company or contractor) with whom UWE Bristol has a formal Data Processing Agreement which covers data security, and where these can evidence appropriate data security arrangements.
• If in any doubt, you should see guidance from the UWE Bristol Contracts Team, Research Governance Office or the Data Protection Office.

Don’t

• Ever share personal data without first checking that this is in line with consent. Sharing personal data without consent would be a breach of ethics, and where consent was the legal basis for processing, may breach data protection legislation. This may constitute research misconduct.
• Pass research data for transcription without a formal Data Processing Agreement and unless the data privacy notice allows for this.
• Share data without consulting with The Contracts Team in relation to the need for a Data Sharing Agreement.

The conditions relating to personal data are governed both by data protection legislation and ethical requirements. Personal data should only ever be used, or shared, in accordance with the legal basis under which it was collected, and the consent given by the individual concerned.

Consent should make clear who will access personal data in both unanonymised and anonymised form. Breaching the consent requirement is not just a matter of breaching Data Protection law, but would be a serious ethical breach, and may constitute research misconduct.

Who should I contact if I'm not sure?

For further support contact the following:

• Contracts Team (Intranet access only)
• Research Governance Office
• Data Protection Office