If you handle personal data from human participants, confidential or sensitive information, you must take all reasonable steps to safeguard it and must observe the University’s Data Protection Policy, the Regulations governing the use of computing facilities, the Information Security Policies and Procedures Guidance, particularly with regard to removable media, mobile, and privately owned devices.
Sensitive or confidential information, which postgraduate researchers (PGRs) may be generating and/or handling as part of their research, should only be kept in a cloud storage service that is approved by the University. It may be useful for PGRs to look at the University Privacy Impact Assessment screening and form, as well as the Privacy Impact Assessment guidance document alongside any ethics applications being made.
Please see the Research tools and resources page for recommendations and requirements on the use of survey tools, especially in relation to the introduction of the General Data Protection Regulation, which applies from 25 May 2018.