University home > University Secretary's … > Data Protection > Advice on Research > Research guidelines - Section 33 …

1. Introduction

Personal data used for research purposes must be dealt with in accordance with the Data Protection Act 1998 ("the Act"). Under Section 33 of the Act personal data may be exempt from some of the data protection principles where it is processed only for research purposes and is not used to make individual decisions for as long as the processing does not:

• cause damage or distress to the individual; and
• as a result of the research itself, identify any data subject.

2. Section 33 Conditions Explained - The Research Exemption

Section 33 of the Act makes special provisions (detailed in sections 3-5 below) for research if the research activity fulfils ALL of the following conditions:

• The personal data is being used exclusively for research purposes (includes statistical or historical research purposes). The personal data must have no other use, not even incidental use;
• The personal data is not being used to support measures or decisions relating to any identifiable living individual (not just the data subject but anyone who may be affected by your research);
• The personal data is not being used in a way that will cause, or is likely to cause, substantial damage or substantial distress to any data subject; and
• The results of the research activity, or any resulting statistics, must not be available in a form that identifies the data subjects.

If the research activity cannot fulfil ALL of the conditions set out above, please contact your departmental Data Protection Adviser and/or the Information Rights Officer at data-protection@bristol.ac.uk for advice.

3. May use personal data for a new purpose

Under the Second Data Protection Principle,  personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes.

However the second part of this principle does not apply to further processing of personal data only for research purposes and the research activity is exempt from this requirement provided that the research activity has met all the conditions for the Research Exemption.

4. May keep the personal data for a research purpose

The Fifth Data Protection Principle says that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes.

However this does not apply to personal data processed only for research purposes and the research activity is exempt from this requirement provided that the the research activity has met all the conditions for the Research Exemption.

5. Need not inform the data subject about the handling of their personal data

The Sixth Data Protection Principle requires that personal data shall be processed in accordance with the rights of data subjects set out in Section 7 of the Act.

Research activity may be exempt from only one of the data subject's rights set out in Section 7 of the Act, i.e. the requirement to provide the data subject with access to their personal data provided that the research activity has met all the conditions for the Research Exemption.

Further advice can be obtained from the University’s Information Rights Officer at data-protection@bristol.ac.uk.