How we keep your information safe

At the NIHR BioResource, your privacy is a top priority. We follow strict standards to ensure your personal data is handled securely and confidentially.

You can read the NIHR BioResource Privacy Notice to learn more about your rights, including how to access your data or withdraw from the study at any time without needing to give us any reason.

Our approach to Data Security Technical Safeguards
  • Information is stored in a protected secure data centre. Physical documents are stored in locked facilities with limited access. Personal details are stored separate from genetic data.
  • Access is carefully monitored. Only staff with a specific need and authorisation can view personal information
  • Data is encrypted during transfer when we have to move it - like with online shopping and banking.
  • All staff receive thorough training to understand how to handle data safely and keep information safe.
  • Researchers can apply for access to data through the Data Access Committee and, once approved, will only get access to data that is relevant to their research question
  • We regularly review our processes to ensure standards are maintained. We complete the Cyber Assessment Framework aligned NHS Data Security and Protection Toolkit, which is a standard for organisations handling genetic information and/or NHS patient data to ensure the right processes and safeguards are in place
            Who can see my information?

            We may use your personal details to ask for additional information about you from public bodies. For information relating to health, this involves us sending some personal details to your GP, hospital or to NHS central records, and them sending back information that is then added to the data held at the secure data centre.

            As part of our Recall function, researchers, whether academic or commercial, can request access to data. They must show how their work benefits the public and sign an agreement to commit to keeping your data safe.

            Researchers can view and analyse data in a Trusted Research Environment (TRE, also known as Secure Data Environment, or SDE) or receive a copy in a limited number of cases.

            Identifying details are removed before access is granted and researchers must not attempt to re-identify individuals. These safeguards are important because data is “de-personalised” (sometimes called “de-identified” or “pseudonymised”) and is not truly anonymous. Researchers never have access to the secure data centre where personal and health data are stored.

            Illustration of 3 levels of identifiability, from identifiable to anonymous via a pixelated "de-personalised" person

            We publish a list of all approved researchers, their organisations, and the purpose of their studies.


            The BioResource does not sell your data to thid parties or share your personal information and data with insurance companies. This is in accordance with the UK government’s Code of genetic testing and insurance. The code commits that insurance companies do not ask for, or consider, the results of predictive tests obtained through scientific research.

            Related pages for contacts

            Related pages