GDPR Guidance > What the law says >
Safeguards are the measures that are taken to ensure that data is processed securely, accurately and in accordance with data protection principles.
Under GDPR, there is a strong emphasis on implementing safeguards for personal data for research. This means that you should give consideration to the arrangements for security and storage of data, and ensure that data are pseudonymised or anonymised wherever possible, and that personal data are only collected when needed (known as ‘data minimisation’). If you can undertake some or all of your research activities without using identifiable personal data, you should make arrangements to do so. Adhering to the UK Policy Framework for Health and Social Care Research provides further safeguards, eg obtaining REC favourable opinion.
All processing of health or genetic data for the purposes of research needs to meet the safeguard of being in the public interest, eg by being conducted in accordance with the UK Policy Framework for Health and Social Care Research.