Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Home
  2. About us
  3. Research governance framework 

Standards

Research governance framework 

The Gambling Commission's Research Governance Framework.

Published
30 April 2026

Last updated
30 April 2026 - Changes

Document actions
Print or save (opens in new tab)

Contents

7.1 - General principles of research data governance and research data safeguarding

All research projects should be anchored in robust data governance. All personal data used in research projects must comply with the principles of the UK General Data Protection Regulation (GDPR) (opens in new tab), Data Protection Act 2018 (DPA 2018) (opens in new tab), and Data (Use and Access) (DUAA) Act 2025 (opens in new tab) as reflected in our contractual data processing schedules. The UK GDPR, the DPA 2018 and the DUAA 2025 also contain provisions for processing personal data for research purposes. These provisions refer to 3 types of research-related purposes for processing personal data, which are:

  • archiving purposes in the public interest
  • scientific or historical research purposes
  • statistical purposes.

More information can be found in the Government Data Ethics Framework (opens in new tab). Researchers are recommended to follow UK Research and Innovation (UKRI)’s GDPR and research - an overview for researchers for additional guidance (opens in new tab).

The Commission has a responsibility to keep both personal data and non-personal data secure. Any potential sensitivity, for example personally identifiable data, will need to be identified in the data processing schedule. All researchers undertaking gambling research for or on behalf of the Gambling Commission will take all possible steps to protect the identity of, and data belonging to, people invited to take part in research during invitation, data collection, data storage, analysis and reporting in accordance with the relevant legislation.

Use of personal data in research is dependent on having appropriate safeguards in place (see Chapter 8A of the Data (Use and Access) Act 2025) (opens in new tab). These protect the rights and freedoms of the people whose personal data is being processed. Further information can be found in the ICO’s guidance on What are the appropriate safeguards? (opens in new tab).

Researchers should consider if they are choosing to use data anonymisation or pseudonymised data within their research. The UK Data Service information on research data management (opens in new tab), as well as the ICO’s Introduction to anonymisation (opens in new tab) provide further guidance on these processes.

Anonymisation allows data to be shared, whilst preserving privacy; personal data that has been anonymised is not subject to the DPA 2018. Data can be considered to be effectively anonymised when it:

  • does not relate to an identified or identifiable individual
  • is rendered anonymous in such a way that individuals are not (or are no longer) identifiable.

Anonymous information rather than personal data has fewer legal restrictions. It is also easier to use anonymous information in new and different ways, as the data protection rules on purpose limitation do not apply.

Pseudonymisation replaces or removes information in a data set that identifies an individual. However, individuals can be identified by referring to other information held separately. Pseudonymisation does not change the status of personal data and remains in-scope of the DPA 2018 regulations.

Next section
What documents are required?
Is this page useful?
Back to top