Speaker: Mike Abbotts
Information Governance Manager & Data Protection Officer for Lancaster University. Mike has been working in Information Governance for 15+ years and has been in the higher education sector for just over 8 years. Prior to this, Mike worked in Information Governance for several NHS Trusts across the country.
This seminar set out the key elements of GDPR, highlighted the risks of breaching these regulations, and provide practical advice for researchers working with publicly available data.
UK GDPR
The UK GDPR came into force on 25 May 2018.
Brexit did not change its implementation in the UK (although change may be coming).
View GDPR as framework to work within, rather than a straight line to follow, and document justification of your decision-making at every step.
Key points
Processing - a legal ‘catch all’ for doing something with personal data.
Even when data is publicly available, all the GDPR protections apply.
Legal and ethical requirements are different. Data protection is a legal requirement.
Different organisations will have different rules depending on risk appetite. Engage with local governance teams and Data Protection Officers.
Excellent resources are available on the ICO website e.g., template for DPIAs and research provisions guidance.
View GDPR as framework to work within, rather than a straight line to follow, and document justification of your decision-making at every step.
- Breaching GDPR risks reputational damage and large fines. The public are very aware of their rights.
Copyright Information
As part of CREST’s commitment to open access research, this text is available under a Creative Commons BY-NC-SA 4.0 licence. Please refer to our Copyright page for full details.
IMAGE CREDITS: Copyright ©2026 R. Stevens / CREST (CC BY-SA 4.0)