To help comply with legislation, international transfers of personal data or other high-risk data must be documented in the Data Management Plan before the start of the project.
These should be documented in the following sections/questions of the BU Data Management Plan (DMP) template:
Ethical and legal compliance
It is potentially a breach of UK GDPR to transfer personal data outside of the UK. This could include sharing research data with a partner employed at another institution. It therefore needs to be documented in a Data Management Plan (DMP) if data will be shared/transferred to people or organisations outside of the UK.
A comprehensive guide to international transfers has been produced by the Information Commissioner's Office (ICO). It includes a checklist of conditions that would allow the international transfer of personal data, including a list of all the countries or territories covered by 'adequacy regulations'.
Researchers must familiarise themselves with the Trusted Research Agenda.
The Trusted Research Agenda raises "awareness of the risks associated with research collaborations that involve organisations or research partners with links to nations whose democratic and ethical values are different from our own."
Personal or special category data, or other high-risk data, must be managed appropriately to avoid placing individuals at risk, breaching export controls, international sanctions or theft of intellectual property.
The Data Management Plan must document: