Version 5: Applicable from: 01 February 2023.
What are the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018)?
Is the Privacy Notice likely to change?
What is a Data Protection Officer (DPO)?
What is a lawful basis for processing data?
What data do you hold about me?
Do you collect information about me from other sources?
Why do you need to know about “Stable Contacts”?
Why do you ask questions about my partner and other members of my family?
Who receives my personal data?
How do I use my individual information rights?
How long will it take to receive copies of my information if I make a data subject access request?
How do I withdraw from the study?
What happens to my data if I withdraw from the study?
Is my personal data transferred to other countries?
How do you keep my data secure?
Which cookies does the study participant site use?
How do I change my cookie permissions?
Data protection means treating information about people fairly and using it properly according to the law. The DPA 2018 and the UK GDPR are data protection laws in the UK. These laws include principles, rights and obligations which apply when we process personal data. These FAQs are for anyone whose data we use for the study. We use ‘you’ or ‘your’ in this document when referring to study cohort members.
The UK GDPR and DPA give people rights over their personal data including the ‘right to be informed’. We inform participants of how their data will be used in the study privacy notice.
Yes. We review the study privacy information when we do a new survey and update it if we change how we process study data.
A Data Controller decides how and why personal data are processed. The Data Controller is responsible for ensuring that this data is processed lawfully.
UCL is the Data Controller of the personal data given to the study. Further information on the history of the study is available here: : https://ncds.info/home/about/history/. The study FAQs provide further information about other Data Controllers: https://ncds.info/faqs/
A Data Protection Officer (DPO) is a position set out in the UK GDPR and DPA 2018. Further information about the services and support that the UCL Data Protection Team provides is available here: https://www.ucl.ac.uk/data-protection/reporting-breach-or-subject-access-request/contact-data-protection-team#our-services.
We have to have a valid reason in data protection law for processing study data. This is known as a ‘lawful basis’. The lawful basis for processing study data for research purposes at UCL is ‘public task’. UCL’s ‘statement of tasks in the public interest’ explains more about the reason for using the ‘public task’ lawful basis: https://www.ucl.ac.uk/legal services/sites/legal_services/files/ucl_statement_of_tasks_in_the_public_interest_-_august_2018.pdf This statement says that public task is the lawful basis for processing study data because UCL is carrying out tasks in its capacity as a public authority when it carries out research. Research for the study is carried out in the public interest with the aim of contributing to public policy.
Table 1 ‘who we share your data with’: https://ncds.info/privacy-notice-for-participants-in-the-national-child-development-study-ncds/#share in the study privacy notice summarises the data that we hold for the study.
Yes, we collect information from other sources including:
Information from health records
Information from your health records will be made available to researchers via secure mechanisms such as the UK Data Service or similar organisations. Information that could identify you will be removed before it is shared via these organisations.
Please note that the NHS national data opt-out does not apply where we have your consent to link your health records to your survey data ‘Do you add any other information to my data?’ in the study FAQs provides further information about the National Data Opt Out and how this applies for the consent for health linkages that you have given to the study: https://ncds.info/faqs/do-you-add-any-other-information-to-my-data-2/.
Health records, combined with the information you have given us during the surveys will allow researchers to look in greater detail at what affects your health, including the factors that prevent or contribute to poor health, and how your health can affect other aspects of your life. This research will be available to policymakers seeking to improve services for you and other generations.
Information about where you live
We use your address (and previous addresses) to add information about where you live. e.g., about the local environment, weather, pollution and the facilities available.
We have also sometimes asked you for the postcodes of other members your family (e.g., your parents, or children who do not live with you). We use these to add information about the local area in which they live and to calculate the distance between family members.
We do not ask your permission to add this information because the data is not individual level information about you. Usually, this information is publicly available and adding this information does not require us to share any of your personal information with any other organisations.
However, if you would prefer that we don’t add any information about your area to your study record then please let us know by contacting us at:
Email: ncds@ucl.ac.uk
Post: National Child Development Study, Centre for Longitudinal Studies, UCL Social Research Institute, 20 Bedford Way, London WC1H 0AL
Other information
We also add other information, which is not about you individually, but is for example about the school or University that you went to.
We ask you to give us contact details for your partner (if you have one) and someone who you don’t live with (e.g., a relative, a neighbour, a friend) so that we can get in touch with them if we are unable to contact you. We refer to these people as ‘Stable Contacts’. In rare circumstances we may contact your stable contacts if someone tells us that you are at risk of harm.
Our surveys often include questions about your partner, parents, children and other people who you may live with. This is important because family circumstances have a huge impact on people’s lives. We ask for some personal information relating to family members including names. This is so that in later surveys we can refer back to them and ask if their circumstances have changed.
We have also sometimes asked you for the postcodes of other members your family (e.g. your parents, or children who do not live with you). We use these to add information about the local area in which they live and to calculate the distance between family members.
We will not include any information that could allow your partner or other family members to be identified in the data made available to researchers.
Our service providers
Other organisations may receive your data when they provide us with services related to the study. We use Dot Digital and Qualtrics to contact you about the study. Nat Cen Social Research has been contracted to carry out the Life in Your Early 60s Survey (with Kantar carrying out some of the fieldwork for them) on our behalf. INUVI carry out some of the health visits in the Life in Your Early 60s Survey. Kantar conducted the COVID-19 Surveys.
Biological laboratories
With permission, we collect biological samples from you which are then sent to accredited laboratories that store and process these samples for research.
Providers of ‘administrative’ data
With permission, we share contact details and personal information with government agencies so that we can link data from their records to study data.
The research community via safe data sharing platforms
Pseudonymised study data is made available for research purposes to the research community from around the world under secure access arrangements. Research data include survey responses as well as other research data such as linked administrative data, information about your area, and are either securely deposited at UK data sharing repositories called “Trusted Research Environments” (TREs) such as the Secure Lab at the UK Data Service and the SeRP via the UKLLC or released directly to the researchers following substantive data de-identification.
Access to sensitive data or data that could identify you is managed by the DAC: https://cls.ucl.ac.uk/wp-content/uploads/2017/02/CLS_DAC_Terms_of_Reference.pdf. Information about how researchers access data from the study, is described on the CLS website at ‘Accessing data directly from CLS’: https://cls.ucl.ac.uk/data-access-training/data-access/accessing-data-directly-from-cls/.
Researchers can apply to CLS Data Access Committee (DAC):
Organisations that we communicate our research to
Pseudonymised survey responses may be quoted in press communications about the research and study data. Other people will not be able to identify you through your responses unless you have agreed to reveal your name.
Public authorities and your stable contacts
In exceptional circumstances, your personal data may be shared securely with public authorities/your stable contacts, if something you tell us indicates that someone is at risk of harm.
Individual rights requests (e.g., ‘can I have a copy of the survey data that I’ve given to the study’) can be sent to us at:
Phone: 0800 035 5761
Email: ncds@ucl.ac.uk
Post: National Child Development Study, Centre for Longitudinal Studies, UCL Social Research Institute, 20 Bedford Way, London WC1H 0AL
We normally respond to data subject access requests within 1 month.
You have the right at any time to withdraw from the study. You can withdraw from the study as a whole, or from just a particular survey, or from having your biological samples collected or from the records linkage programme. If you send us a request to withdraw from the study, we would be grateful if you could specify what your withdraw request covers so that we know what to do with the data that we already hold. If you want to withdraw, you can contact us at:
Phone: 0800 035 5761
Email: ncds@ucl.ac.uk
Post: National Child Development Study, Centre for Longitudinal Studies, UCL Social Research Institute, 20 Bedford Way, London WC1H 0AL
Your contact details:
Your contact details will be removed from our mailing lists as well as the mailing lists of the external organisations we contract to carry out the study. We will not contact you again to ask you to participate in NCDS.
We will, however, continue to securely store your contact details within the Centre for Longitudinal Studies (CLS) because this provides us with a record of your previous participation, along with your request to be permanently removed from the study. This will help us to ensure that we do not contact you again. If you have given us permission, then your contact details will also still be used by us to add information from administrative records held by government agencies (described below).
Your survey data:
The information you have given to the study over the years has been deposited in pseudonymised form at secure data sharing platforms including the UK Data Service and the UK Longitudinal Linkage Collaboration. Your pseudonymised data will continue to be made available to researchers via secure data sharing platforms unless you request for it not to be.
We will continue to store this information securely within the Centre for Longitudinal Studies (CLS). The survey data that you have given to NCDS is important research data collected in the interest of the public. Our research findings are widely used to shape policy and practice.
Your biological samples:
If you have given us consent to store any biological samples you have provided for future analysis, these will continue to be stored. The samples and data deriving from them will continue to be used for research unless you request for this to stop.
Information from administrative records held by Government departments and agencies:
If you have previously given consent for us to add information from administrative records held by government agencies such as the Department for Work and Pensions (DWP), HM Revenue and Customs (HMRC) and the National Health Service (NHS) to the data you have provided us during the surveys, we will continue to add information from these records unless you request us not to. Any data from these records which has already been obtained and deposited in pseudonymised form at data sharing platforms will continue to be made available for research purposes.
Mortality information from the NHS:
NHS England periodically informs us if study members have died. The files we receive from NHS England tell us when study members have died (month and year) and the cause of death.
Receiving this information helps us ensure we do not try to contact people who have died. We also use it for important research.
We will continue to receive this information if you withdraw from the study, unless you request that the data you have provided to the study is deleted.
Information about where you live:
We use your address (and previous addresses) to add information about where you live such as the local environment, weather, pollution and the facilities available (e.g. shops and green spaces). The information that we add may be about your local area as a whole, your street or sometimes your specific address. We will continue to do this, using the information we hold about where you lived up to the point at which you stopped taking part in the study. More details about how we add information about where you live is available here:
https://ncds.info/faqs/#about-adding-other-information
Pseudonymised research data are shared securely with researchers and research organisations from across the world. Biological samples are sent for analysis at laboratories outside of the UK under secure agreements.
We respect that you have donated your data to the study. We are committed to treating study data confidentially and keeping it secure. We keep study data secure when working on it, sharing it with other organisations or linking data to study records. The following measures are in place to keep this data secure:
Research ethics committees
Research projects involving personal data are scrutinised and approved by a research ethics committee so that our research is carried out to ethical standards.
Independent registration and standards
As part of UCL, we:
Governance and accountability
The following people, committee and group ensure that we process your data appropriately:
Information Asset Owner (IAO)
The CLS Managing Director is also Information Asset Owner (IAO) and is accountable to the UCL Senior Information Risk Owner (SIRO) for ensuring risks associated with processing personal data at CLS are properly managed. The IAO is assisted by other roles including CLS Information Asset Administrator, Records Manager and Archivist, and Information Governance and Data Protection Officer.
CLS Data Access Committee (DAC)
Access to CLS research data is controlled by the DAC. Further information about DAC is available here: https://cls.ucl.ac.uk/wp-content/uploads/2017/02/CLS_DAC_Terms_of_Reference.pdf.
CLS IG Steering Group (CLS IG SG)
CLS IG SG, is chaired by CLS’ Managing Director and attended by representatives from across CLS. This group meets regularly to oversee information governance and data protection issues at CLS.
CLS Information Asset Administrator (CLS IAA): The CLS IAA is responsible for the proper handling of information within CLS studies.
CLS Records Manager and Archivist: The CLS Records Manager and Archivist holds senior responsibility for records management, physical and digital archives, legacy data and bio-samples management.
CLS Information Governance and Data Protection Officer (CLS IG/DPO): The CLS IG/DPO monitors and evaluates CLS’ processing activities and supports teams to ensure CLS complies with formal laws and standards.
CLS research data governance: CLS research data is governed by the principles and procedures set out in the CLS Research Data Access Framework and CLS Data Classification Policy.
Security measures
The following security measures help keep your data secure:
Policies, procedures and training
All CLS staff are required to follow UCL’s data protection and Information Security Policies.
Risk management
We ensure that any risks to your data are documented, assessed and managed:
CLS and our third-party service providers use cookies and similar technologies. When the study page is visited, it sends a cookie to the device used to visit the page. Cookies are small text files of information which are placed on devices when our sites are used. Cookies are used to:
Cookie preferences can be manged on personal devices. This is usually done by selecting the options available in the ‘cookies and site permissions’ option in the settings menu.
Find out how to manage cookies on popular browsers:
We can be contacted at:
Phone: 0800 035 5761
Email: ncds@ucl.ac.uk
Post: National Child Development Study, Centre for Longitudinal Studies, UCL Social Research Institute, 20 Bedford Way, London WC1H 0AL
If after contacting us, there are still concerns about how personal data is being processed, the UCL Data Protection Office can be contacted at: data-protection@ucl.ac.uk or Private and Confidential, Data Protection Officer, UCL Gower Street, London WC1E 6BT.
We hope that we will be able to resolve any complaints that there may be about the study.
Study members have the right to complain to the ICO – the independent regulator which upholds information rights in the UK. Further information about making complaints to the ICO is available at: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.
Further information about the study is available in the study Frequently Asked Questions (FAQs): https://ncds.info/faqs/.
This webpage was last updated on: 01 February 2023
