For REF 2021, a Model REF Data Collection statement was made available for Higher Education Institutions (HEIs) to use alongside their data collection activities. This was intended as a helpful document to support transparency.
For REF 2029, we have taken a different approach.
Each participating HEI collects data in its own operational, legal, and organisational context. Data subjects may be informed through different channels, for different purposes, and under different lawful bases. As a result, a single, REF-provided data collection statement cannot accurately reflect all HEIs data collection practices.
Instead, REF 2029 will continue to publish its own data protection statement, setting out clearly and transparently how data is handled once it has been submitted to REF. This includes how the data is used, stored, shared, and retained during its lifecycle within the project.
HEIs remain responsible for ensuring that any data they submit to REF has been collected lawfully and transparently, in line with current data protection legislation. HEIs are best placed to determine what information to provide to individuals at the point of data collection, considering their specific processes and the nature of the data involved.
To support HEIs in this, we recommend referring to the Information Commissioner’s Office (ICO) guidance on transparency and privacy notices, which provides practical advice and examples tailored to different collection scenarios. HEIs may wish to consult the following ICO guidance:
- Create your own privacy notice | ICO
- UK GDPR guidance and resources | ICO
- Privacy notices and cookies | ICO
- Are you transparent about how you use peoples data? | ICO
REF 2029 will assume that data submitted by HEIs has been collected in compliance with applicable data protection requirements. Details of the data expected to be submitted are set out in REF 2029 policies, and HEIs will be most familiar with the content and context of the data they provide.