How does GDPR affect the Child of the New Century study?

The Child of the Century collects personal data from you, so it needs to be compliant with GDPR, which sets out the duties and responsibilities we have to you, and your rights regarding the personal data that we hold and process.

The study is managed by the Centre for Longitudinal Studies (CLS), which resides at University College London (UCL). UCL is the ‘Data Controller’ for this study. We contract with different external organisations who carry out our surveys on our behalf.  These organisations act as ‘Data Processors’. For the Age 17 Survey, the fieldwork was contracted to Ipsos MORI and NatCen Social Research. We use external mailing companies to post study updates to you between each survey, and they also act as a data processor.

The study is funded by the Economic and Social Research Council (ESRC) and government departments. The aim of the study is to generate data for research purposes and its funders and UCL are Public Authorities/ Bodies – this is regarded as a ‘Task in the Public Interest’ under GDPR – and is the lawful basis on which we are permitted to process your personal data.

In addition, we comply with all the relevant legislation on protection of confidentiality. We have received externally certified accreditation to the NHS Digital Information Governance Toolkit standard, which allows us to hold data from the NHS, and which also provides you with assurance that your data is secured and protected in the strongest possible manner.