Research Privacy Notice

We take our responsibilities to the processing and security of research data seriously, this includes complying with the EU General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018 in all our research projects.

As a research participant you should read the specific research project’s Participant Information Sheet in detail and feel free to ask any questions regarding the study including how your personal data will be used and stored.

This information will be kept up to date and you can revisit this site at any time.

Lawful Basis

GDPR requires all organisations to specify a lawful basis for data processing. Lancaster University’s lawful basis for processing identifiable personal data for the majority of research projects is ‘task in the public interest‘.

Processing special categories of data, such as health data or political opinions, needs more protection as it is more sensitive information. Lancaster researchers are processing in accordance to the condition ‘necessary for scientific research in accordance with safeguards’.

Please be aware that due to the university’s lawful basis for processing data for research, some of your data rights may be affected; such as you may not be able to withdraw your information after it has been combined with other participant’s information. If you are unsure about this, please discuss in advance with the research team who will be able to advise you.

Staff at Lancaster University, beyond the research team, may occasionally need to also access research data. This could be for compliance checks or for preparing case studies to disseminate the impact the research has had on the wider environment beyond academia.

Please note: The above lawful basis for processing research data applies to all current research projects at Lancaster University. As Lancaster has an ethical review process we are confident that participants will be aware of how their data will be used/stored and so do not feel it is ethical to re-contact all participants to inform them of the new lawful basis, this does not affect participant rights.

You are highly likely to be asked to give consent before taking part in a research project with Lancaster University, this is to satisfy ethical or common law requirements. Your personal data will still be processed as a ‘task in the public interest’ under data protection law.

Data Security

The university has robust security information policies in place to protect your personal information. All staff in the University have a responsibility to make sure that your data is handled securely. For further information please refer to the University’s Information Security Policy and Processes.

Research Excellence Framework

As part of the Research Excellence Framework 2021 exercise information relating to external parties will be collected. A data collection statement is available.


Questions or concerns about research projects should be directed to the contacts shown on the project’s Participant Information Sheet.

If you have any concerns or complaints about the use of your personal data in Lancaster’s research projects please contact the university’s designated Data Protection Officer:

Mike Abbotts, Information Governance Manager


Contact Mike if you have any concerns or complaints about this Notice or about the way your personal data is being used.

Lancaster University is the Data Controller for the personal data that it holds about you. The University’s contact details are:

Lancaster University




United Kingdom

If you are not happy with the way the University has handled your concern or complaint then you may submit a complaint to the Information Commissioner’s Office.

Linked icons