UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018

The UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018 are laws designed to protect individuals' personal data and privacy rights by regulating how organisations collect, use, store, and transfer such data.

It is important when collecting, storing or otherwise processing data to be aware of the data protection principles in Article 5 of the United Kingdom General Data Protection Regulation (UK GDPR) and other requirements set out in the UK GDPR and supplemented by the Data Protection Act 2018. Your organisation is likely to have a privacy notice for the processing of personal data.

When conducting your evaluation you may find that you are able to ask / answer some questions without gathering personal data (defined as any data by which an individual can be directly or indirectly identified), such as when asking for feedback.

However, if you are trying to gauge whether your service has had a long-term impact, that could involve keeping a record of who has given which responses so that you can follow up and compare to see whether those responses change over time.

Please note: while we have made every effort to ensure the accuracy of this information, it is your responsibility to ensure you are UK GDPR compliant


Data must be used fairly, lawfully and transparently; used for specified, explicit and legitimate purposes (and not used in a way that is incompatible with those purposes unless it is for archiving, research or statistical uses and the data is pseudonymised and the ‘key’ to re-identifying any personal data is kept separate and secure); used in a way that is adequate, relevant and limited to only what is necessary; accurate and, where necessary, kept up to date; kept for no longer than is necessary; handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

The UK GDPR  states that you should have a lawful basis for processing any personal data.

There are several legal bases listed in Article 6, and only one of those legal basis is via consent. You can explicitly ask the individual for permission to process their data in the ways you have stated beforehand. It is also possible to show a Legitimate Interest in processing the data, where an individual might reasonably expect their data to be used in a related way and  likely benefits. Your organisation’s privacy notice should cover this.

This includes information about race, ethnic background, religious beliefs, health, sex life or orientation, trade union membership and biometrics.

A Guide to Data Protection 

Those whose data you are processing have certain rights, which you will need to uphold see here.

Password protecting an Excel sheet or Word document can provide an additional layer of security to prevent unauthorised access to sensitive information.

This can be particularly important when sharing the document with others or when the document contains confidential or sensitive data.

By setting a password, only those who have been provided with the password can access and make changes to the document, helping to protect the information contained within.


  • To password protect an Excel sheet, go to the Review tab, click on Protect Sheet, and enter a password.


  • To password protect a Word document, go to File, click on Info, select Protect Document, and choose Encrypt with Password.


Here are a few more tips for keeping your sensitive information secure:


  1. Use strong passwords: Use a combination of upper and lower case letters, numbers, and symbols. Avoid using obvious words or phrases, such as “password” or “123456”.
  2. Don’t share your passwords: Only share your passwords with trusted individuals and make sure they understand the importance of keeping the information secure.
  3. Be careful when emailing sensitive information: If you need to send sensitive information via email, make sure to use an encrypted email service or password-protect any attached documents.
  4. Keep your software up-to-date: Make sure that your operating system, antivirus software, and other security tools are all up-to-date to protect against the latest threats.
  5. Backup your data: Make sure to regularly backup your important files and data to a secure location, in case your device is lost, stolen, or compromised.

Here’s an example data protection disclaimer you could use for a survey or questionnaire:

Example Disclaimer

Here’s an example data protection disclaimer you could use for a survey or questionnaire:

“Your privacy is important to us, and we are committed to protecting your personal information. Any information you provide will be used solely for the purposes of this survey and will not be shared with any third parties. Your responses will be kept confidential, and all data will be securely stored in compliance with data protection regulations. By completing this survey, you consent to the use of your data in this way.”

Note: You may need to tailor the disclaimer based on the specifics of your how you are collecting the data and provide your privacy notice  at the time you collect the data, so that data subjects are given all the information required by law- this disclaimer does not cover all mandatory information that needs to be provided. .


Example Disclaimer