Safeguarding data
Your data safeguarding actions
Maintaining a thorough data management plan (DMP) is integral to safeguarding research data. Your DMP should capture all data-related safeguards, their issues, actions, and decisions.
You should also assess and process your research data in accordance with University data safeguards and any local protocols that may apply.
Safeguarding actions checklist
Below you can find detailed examples of the kinds of actions you should take during your project.
Have you:
- added the wording “Consent is given for restricted access and use of the anonymised research data” or words to that effect to all consent forms and contractual documentation?
- assessed if you need to conduct a Data Privacy Impact Assessment (DPIA)
- identified and recorded any confidential and/or highly confidential data that is suitable for sharing under controlled conditions?
- identified and recorded any confidential and/or highly confidential data that is unsuitable for sharing?
- written a justification for the research data unsuitable for sharing?
- secured sign off from your funder, School or the University on the documented justification to exempt your data from sharing?
- agreed and documented research data ownership and dissemination actions?
- agreed with partners what data will be shared? This includes deciding what will be subject to controlled conditions, what those conditions will be, how data will be discovered and accessed.
- contacted the Research Innovation Service’s Legal team to formalise partner arrangements into a data sharing agreement?
- stated any collaborative research partner(s) and that a data sharing agreement exists in any ethical review applications?
- checked if other potentially linkable datasets exist, eg in libraries, church records, the General Registry Office, genealogy websites, social media, internet searches, press archives, and data releases from public authorities?
- set a provisional future date to undertake your data appraisal to decide what data should be kept and for how long?
- identified and documented any potential risks and vulnerabilities to sharing your research data eg participant disclosure risk and documented your decisions in your DMP and secured sign off?
- named a contactable data custodian to advise on your data when you are not available or no longer at the University?
- contacted the Research Data Leeds team to indicate that you intend to deposit data in the University’s Research Data Leeds archive?
For more information about collecting personal data for research refer to the Data Protection website. Here you will find advice and templates for privacy notices, data processing and sharing agreements, records retention and conducting a Data Privacy Impact Assessment (DPIA).