Policies and data protection
University of Southampton Research Data Management Policy
The following guidance supports the University of Southampton Data Management Policy. All students are required to abide by the University’s policy. Taught students are exempted from the provisions regarding retention and deposit unless they have published peer-reviewed articles based on their research.
Data Protection Act (2018)
If your research involves collecting data from living human subjects, or ‘special category data‘ (formerly referred to as sensitive data) then you must comply with the Data Protection Act (2018). The Act incorporates the EU General Data Protection Regulation (GDPR).
The key actions to reduce your risk are:
- Raw data and all files containing contact details for individuals (such as consent forms) must only be stored on University servers, within the University network
- If you are holding data locally on a laptop (for example during collection) the data must be encrypted and the laptop should be a University build laptop.
- When sharing data with collaborators, do not share the raw data. Do not use cloud-based services. Do not share data with collaborators outside the University unless you know that a data sharing agreement is in place.
- When moving data, do not email files instead use SafeSend or create a Sharepoint site for you and your collaborators.
What if I lose some data or disclose by accident?
Do not delay, do not spend time trying to find the data, email email@example.com as soon as you suspect the data loss may have happened.
- Email firstname.lastname@example.org
- Liaise with Finance to get mobile number blocked (if appropriate)
- If the lost device is a iPhone or iPad:
- Access iCloud.com and Find my iPhone with account on the item lost
- Click ‘all devices’
- Select device that is missing and click erase iPhone