GDPR Guidance > What you need to do >
In general, the expectations for safeguards should already be being met for research through existing arrangements. Organisations will need to ensure they have safeguards that are compliant, but for researchers the main change will be to review whether there is sufficient data minimisation. For example, this might include ensuring that you justify any use of initials and/or date of birth on Case Report Forms.
You should already have unit, department or organisational policies relating to confidentiality, security, and handling of personal data. Any study specific changes to increase the safeguards in order to comply with GDPR should be documented in a non-notifiable, non-substantial amendment.