Since only de-identified data is permitted in PsoProtect, General Data Protection Regulation (GDPR, a regulation in European Union law) technically does not apply. However, since GDPR is held up as a worldwide gold standard for best practice regarding data protection and privacy, we have nevertheless followed GDPR principles:
Data fields included in the PsoProtect survey have been carefully selected to prevent traceability of the collected data to the identities of individual people. The only people with knowledge of patient identity are the healthcare professionals entering data at local sites.
The data collected within PsoProtect is housed in secure servers that are built and hosted by UKCloud, in compliance with best practice (GDPR Article 32: technical and organisational data protection measures). The data is collected and processed solely for the purpose of scientific and medical research undertaken in the public interest (GDPR Article 6/9: legal basis for processing), and all resulting outcomes will apply robust aggregation techniques before being publicised and shared for the advancement of scientific and medical knowledge and its translation into clinical practice.
Please read our Data Privacy Notice.