The European Union Data Protection Regulation (GDPR) provides new rights for people whose data we hold and new responsibilities for all members of the University Group. The GDPR came into force on 25 May 2018. At the same time, a new UK Data Protection Act 2018 was enacted to enable the UK to maintain the same standards of privacy when it leaves the European Union. As the University is a global organisation, the law applies to the personal data we communicate and receive in the course of our activities worldwide. This means that the law applies to research undertaken on all of our UK and international campuses, in academic partnerships and by fieldwork, no matter where in the world these activities take place. This guide for researchers is one of a series of communications for different groups within the University.