skip to navigation skip to content
- Select training provider - (Social Sciences Research Methods Programme)
Instructor-led course

Provided by: Social Sciences Research Methods Programme

This course has 1 scheduled run. To book a place, please choose your preferred date:

Thu 23 Feb 2023

[ Show past events ]

Events available

Research Data Security


This course introduces students to some of the legal issues around academic research involving personal data, and walks them through securing their research by conceptualizing and then assessing possible risks, followed by examining different ways to reduce those risks. This is delivered in a practical and non-technical way although there are some terms to do with risk assessment which may be unfamiliar to them. For this reason there is a relevant glossary provided for each session.

Target audience
  • All staff and students
Topics covered
  • UK GDPR terminology, principles, rights and research exemptions
  • Where to find guidance from the University on academic research including personal data and its linking with University Research Ethics
  • Information Security basics (CIA) and the route to acceptable residual risk
  • Assets, Threats, Threat Actors, Controls, Vulnerabilities, Impact, Likelihood and Risk
  • The Information Security Risk Assessment (ISRA) and how it compares with the Data Protection Impact Assessment (DPIA)
  • Obfuscation
  • Storage by Classification and further controls to achieve acceptable residual risk

After taking this course, students will:

  • be aware of the basic terminology, principles and rights of the UK GDPR and be able to assess which research exemptions may be relevant to their research and how this affects data subject rights.
  • be able to assimilate guidance on UK GDPR in the context of academic research and understand where ethics fits in, within the University of Cambridge.
  • be able to appreciate how appropriate security is dependent upon an assessment of risk and relate this through a pathway to focus on residual risk being acceptable
  • gain an appreciation of risk to themselves, their team, their tutors and research leads, their department and the university by the exposure of vulnerabilities in controls to certain threats and threat actors
  • be able to complete an information security risk assessment and use this, and further references, to evidence good data management practice

This course is taught online with pre-recorded lectures only – but with 2 optional Zoom Q&A sessions dotted across the year.


There is no textbook and no reading required for this course other than the student notes provided.


Moodle is the 'Virtual Learning Environment' (VLE) that the SSRMP uses to deliver online courses.

SSRMP lecturers use Moodle to make teaching resources available before, during, and/or after classes, and to make announcements and answer questions.

For this reason, it is vital that all SSRMP students enrol onto and explore their course Moodle pages once booking their SSRMP modules via the UTBS, and that they do so before their module begins. Moodle pages for modules should go live around a week before the module commences, but some may be made visible to students, earlier.

For more information, and links to specific Moodle module pages, please visit our website

How to book

Click the "Booking" panel on the left-hand sidebar (on a phone, this will be via a link called Booking/Availability near the top of the page).

Elements of Social Science Research

Events available