Know your legal and ethical responsibilities

How to ensure your research data management meets legal and ethical requirements, including information on GDPR.

Legal responsibilities

There are legal responsibilities to consider when creating, preserving, and sharing data. These include GDPR, Intellectual Property Rights, Copyright, Licences, and Data protection. The laws and regulations relevant to specific research areas, such as clinical trials regulations and the Human Tissues Act, also need to be observed. Some of the legislation and regulation is included on the UWE Bristol Code of Good Research Conduct. The UK Data Service provides further information on your obligations when sharing information and how to comply with GDPR.

The UWE Bristol Research Governance Team have produced a range of resources and guidelines to aid researchers with compliance throughout the lifecycle of their research projects.

The UWE Bristol Research Governance Checklist is a tool produced by the UWE Bristol Research Governance Team to help UWE Bristol researchers ensure that they have fully reviewed the research governance matters that may apply to their research project.

The Digital Curation Centre have also produced a Checklist on Legal Aspects of RDM.

Intellectual Property Rights

Intellectual property rights, or IPR, affect the way research outputs can be used. Failure to clarify rights at the start of the research process can lead to unexpected limitations that affect:

  • your research
  • dissemination of your research
  • future related research projects
  • associated profit or credit
  • your reputation and that of the University.

UWE Bristol advice on intellectual property is available within the Code of Good Research Conduct and Policy. There is also some helpful advice on the government intellectual property office website.

Copyright and legal protection

Information regarding copyright is provided on the library's copyright webpages. The Code of Good Research Conduct and Policy should be consulted for advice on intellectual property and legal protection.

Mechanisms to permit the re-use of your research data and materials

If you wish to share and allow re-use of your data but with some restrictions, Creative Commons licences provide standard options to enable use of your data in selected ways and restrict other uses.

The Creative Commons website explains the licence options and provides a licence chooser tool to enable you to select the most appropriate license. Remember some funders and publishers may stipulate the type of licence that is required.

Research is governed by a broad range of legislative and regulatory frameworks. It is essential that the collection, storage and any eventual archiving and re-use is compliant with these requirements. Full guidance is provided in the UWE Bristol Code of Good Research Conduct.

Using online materials in your research

There are a number of issues when using online materials. This partly depends on how these materials are licensed. Even if there is no '©' or 'all rights reserved' notice, intellectual property rights are still applicable. When in doubt, contact the website administrator or publisher directly. However it is also essential to ensure that the source of the online materials has the rights to use them, and to allow you to use them for your specific research purpose.

The University Research Ethics Committee has produced information on how to conduct and manage social media research within their guidance webpages.

Data protection

It is your and UWE Bristol's duty to ensure that any data you gather is handled correctly. The General Data Protection Regulation (GDPR), which governs the processing of personal data, must be adhered to. For more information about GDPR, staff should consult the General Data Protection Regulation pages on the staff intranet.

UWE Bristol provides guidelines to help staff undertaking research to comply with legal requirements for data protection within the secure storage area available on the staff intranet.

The Research Governance Team have produced research data security guidance for researchers. Remember that researchers are personally responsible for any breach in data security arising from failures in relation to their data responsibilities.

The Information Commissioners Office (ICO) is formally responsible for data protection and has produced useful guidance.

Ethical responsibilities

The University has set in place detailed requirements and guidance in relation to research ethics. These are set out in the research ethics webpages.

Ethical responsibilities in research data management.

It is essential that ethics approval is obtained prior to the start of any research activity. It is the responsibility of each researcher to adhere to the ethics requirements of their research project.

Obtaining ethics approval

All research involving human participants, their tissue or their data must be subject to research ethics scrutiny by the University's Research Ethics Committee (UREC) and/or the relevant Faculty Research Ethics Committee (FREC). Human Tissue Legislation and NHS Health Research Authority requirements must also be consulted and adhered to where appropriate.

Research conducted with external collaborators, for example, the NHS, should also be referred to their relevant ethics committees.

Research which does not involve human participants, but is sensitive for other reasons (such as potential negative environmental risk, or security sensitive research) may also be considered by the UWE Bristol ethics committees.

It is fundamentally important that a favourable ethical opinion is received from the appropriate ethics committee prior to research data being collected or generated.

UWE Bristol Research Ethics policy, procedures, guidance and frequently asked questions are provided on the research ethics guidance.

Obtaining informed consent

Obtaining freely given informed consent is central to research involving human participants. Consent needs to make clear what the data will be used for and whether it will be shared/preserved. The activities covered by informed consent should be considered prior to and throughout the research lifecycle.

The UREC guidance can be found on the research ethics resources for researchers guidance; which also includes answers to frequently asked questions on research ethics.

It is important to note that, as far as is practical, individuals have the right to withdraw from a study at any point. When the research data is collected, it is essential that it is made clear the point at which this would become impracticable. You will need to ensure that you comply with what you have told the research participants, and have in place mechanisms to permit this. This will also have implications for the way data is stored and archived and how re-use is permitted.

Sharing or publishing data

The confidentiality of research participants must always be protected in line with the informed consent for the research. This means that what you say to participants in the participant information about how their data may be retained, shared, and/or used in publication is crucial; because you can only do what you have told them you will do.

If data is to be anonymised to permit sharing, this should be made clear at the consent stage. You should also pay careful attention to the extent to which your research data can be truly anonymised.

The UK Data Archive provides a wide range of advice on collecting data which will be preserved and shared including some guidance on anonymisation (see page 26).

You should always consult with your Faculty Research Ethics Committee if you are unsure whether the data you wish to share or publish can be used.