Visit Staff Guidance on Data Protection web pages
The University of Oxford's Compliance team provides extensive guidance for those handling personal data, to enable the University to meet legal requirements.
Researchers who will be gathering or working with personal data should see in particular the Data Protection by Design framework (SSO login required): all new University activities which will involve personal data need to work through this process.
The framework takes the form of an initial screening questionnaire, followed by either completing a full Data Protection Impact Assessment (DPIA, for higher risk projects), or a lighter weight Data Protection Assessment (DPA, for lower risk projects). As well as providing a helpful checklist to ensure that all relevant data protection issues have been considered, the questionnaires also form an important part of the University's record keeping.
The Creating Privacy Notices page (SSO login required) may also be of interest to researchers who will be collecting personal data directly from subjects - for example via an online survey. The page offers a number of pre-written privacy notices for various groups, plus guidance on creating a more customised notice where this is needed.
The Data Protection and Research web page, which is part of the main Research Support website, offers an overview of data protection issues as they apply in a research context.