General Data Protection Regulations (GDPR) 2018
The Modern Records Centre performs all the functions, duties and responsibilities set out in the statement of purpose published on our website, together with any statutory responsibilities laid down for HE archives generally that apply to this repository.
The Modern Records Centre produces, holds, and uses documents:
- in any and all formats and media
- in physical and digital form, both online and offline
- on the Modern Records Centre premises and externally.
The Modern Records Centre produces, holds, and uses documents for the purposes of:
- accessioning records in line with its records collection policy
- preserving its collections
- managing its collections
- making its collections accessible
The Modern Records Centre will process personal data in accordance with the General Data Protection Regulations 2018.
The regulations apply to two sets of data:
1. Data collected for administration purposes: registration of researchers and legal agreements with depositors/owners
2. Data held within the archives.
Data collected for administration purposes
Any data collected is for the purposes of access to the Modern Records Centre or the deposit of archives with the MRC and will be held in accordance with the regulations for the appropriate period.
All visitors and depositors need to sign an agreement that their data can be held by the Centre for such purposes and for the appropriate time.
Data collected from visitors and researchers on registration forms is for the purpose of secure access to the archive collections and to provide a more helpful and productive visit. We need to record contact details, ID verification and the purpose of your visit/area of research interest. The registration forms are held for 3 years.
Data collected from depositors/owners is required to manage the collections: to record the source, provenance, and terms and conditions on which the collection is held. Contact details of depositors/owners are required in case of changes to access conditions, copyright enquiries and disaster recovery. The data should be updated regularly and remain in use while the MRC holds the archives concerned - in most cases this is long term or permanent.
Data held within the archives
The MRC is an established and recognised archive and under the terms of the GDPR it performs ‘archiving in the public interest’. The MRC provides free and open access to its collections and meets the standards expected of archive repositories in the UK. It is listed on the National Register of Archives by The National Archives: http://discovery.nationalarchives.gov.uk/details/a/A13530051 and has a publicly accessible website and catalogue.
Data held within the archives is still subject to the UK safeguards contained in section 19 of the Data Protection Act 2018. Processing for archiving in the public interest will not meet the safeguard requirements if it is ‘likely to cause substantial damage or substantial distress to a data subject’.
We request that all researchers take note of the General Data Protection Regulations 2018 and the revised Data Protection principles.
As researchers you are required to abide by the GDPR in your research
Under Article 89 (3) of the GDPR personal data processed for archiving purposes in the public interest is permitted subject to certain safeguards. Those safeguards shall ensure that technical and organisational measures are in place to ensure respect for the principle of data minimisation.
This means you will need to pseudonymise or anonymise your data if it relates to a living person, contains personal or sensitive information and that person could be identifiable from your research. This is particularly important if your research is intended for publication.
We will make every effort to notify you of any circumstances where you are likely to encounter such data, but you are responsible for the processing of such data.
GDPR Article 89:
1. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject.
Those safeguards shall ensure that technical and organisational measures are in place to ensure respect for the principle of data minimisation.
Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.
2. Where personal data are processed for scientific or historical research purposes or statistical purposes, Union or Member State law may provide for derogations from the rights referred to in Articles 15, 16, 18 and 21 subject to the conditions and safeguards referred to in paragraph 1 of this Article in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
3. Where personal data are processed for archiving purposes in the public interest, Union or Member State law may provide for derogations from the rights referred to in Articles 15, 16, 18, 19, 20 and 21 subject to the conditions and safeguards referred to in paragraph 1 of this Article in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.