Standards
Research governance framework
The Gambling Commission's Research Governance Framework.
7.2 - What documents are required?
Each research project that involves the collection of new data or the processing of non-anonymised human data requires the following documents.
Data management plan
A Data Management Plan (DMP) should include details on:
- description of the data
- data collection and/or generation
- data management, documentation and curation
- data security and confidentiality of potentially disclosive information
- data sharing and access, including making data available for reuse
- responsibilities of each researcher and/or each member of the research team in managing data for the research project.
Research Managers should use our generic DMP and adapt it to each project. External research suppliers should also create a DMP for their side of data governance. This needs to be completed and submitted to the Research Governance Manager prior to ethical approval.
Researchers can refer to additional guidance in the Digital Curation Centre (DCC) Data Management Plan guidance (opens in new tab). Researchers may also consider the UK Data Service plan to share (opens in new tab) guidance.
Data Protection impact Assessment
A Data Protection Impact Assessment (DPIA) is recommended for any project which requires the processing of personal data that is likely to result in a high risk to individuals rights and freedoms. More information can be obtained from the Information Commissioner’s Office (ICO) Data Protection Impact Assessments (opens in new tab).
Should a DPIA be necessary for a project, this needs to be completed and submitted to the Research Governance Manager prior to ethical approval.
Previous sectionGeneral principles of research data governance and research data safeguarding Next section
Data sharing
Last updated: 30 April 2026
Show updates to this content
No changes to show.