Researchers should always seek to take account of all the relevant evidence and present their research without omission, misrepresentation or deception.

This means in practice that researchers should ensure that when they are formulating their research questions, designing surveys, questionnaires or interviews they do not predetermine or prejudice the outcome through their choice of questions or actions.

Researchers need to ensure that they are aware of all the relevant national and international laws that may affect their research project. With collaborative projects which cross legal borders, this may involve various laws. Ones of particular relevance (and to be aware of) will be in regards to data protection and intellectual property. These will be discussed in more depth in this chapter.

Researchers should aim to avoid or minimise social harm to groups or individuals when conducting their research projects. This means that the research project should be designed responsibly and consider participants throughout. For example, participation in the research project should be voluntary and on the basis of fully informed consent.

If you collect research data that enables you to identify a person, then this is classified as personal data. Within the General Data Protection Regulation (GDPR, European Union, 2016a) personal data is defined as any information relating to an identified or identifiable natural person known as ‘a data subject’. It is further specified that an identifiable natural person is someone who can be identified, either directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can include a variety of information, such as names, address, phone number and IP addresses.
The GDPR applies only to the data of living persons. Data which do not count as personal data do not fall under data protection legislation, though there may still be ethical reasons for protecting this information.

Sensitive personal data

Certain personal data are considered particularly sensitive and thus require specific protection when they reveal information that may create important risks for the fundamental rights and freedoms of the involved individual. Examples of sensitive personal data include data revealing religious affiliation, sexual orientation, or racial or ethnic origin. Within the GDPR the following categories are defined as ‘special categories of personal data’:

• Racial or ethnic origin;
• Political opinions;
• Religious or philosophical beliefs;
• Trade union membership;
• Genetic data;
• Biometric data;
• Data concerning health;
• Data concerning a natural person's sex life or sexual orientation.

There are other data which may contain sensitive information which do not fall under the special categories of personal data but should still be treated as such, including, for example, confidential business data and secret data concerning state security.