What we do
Perspectives
About
Take Part
Back to blog
07 April 2025
Methods

Built for trust: how data protection shapes everything we do

How Thiscovery combines rigour, practical safeguards and research ethics to protect participant data and generate trusted, high-quality insight.

Written byJenni Burt (Chief Scientific & Innovation Officer)

Link copied

At Thiscovery, we work with clients and partners across the health and care ecosystem. Every day, we collaborate with a wide range of people who contribute to our projects. These include patients, clinicians, researchers, innovators, specialists and members of the public.

When people take part in a Thiscovery project, they are often sharing sensitive or personal information. Protecting that data is more than a legal obligation. It is a matter of trust.

From producing insights that aid frontline service evaluations to the development of early-stage product testing, our work is designed to meet high standards of privacy, security and transparency.

Helping you meet your obligations with confidence

We do this by aligning with the UK General Data Protection Regulation (GDPR), by working within recognised research governance frameworks, and by actively embedding best practice in how we operate day to day.

We work in line with the new Data Use and Access Act (2025), UK General Data Protection Regulation (GDPR), and recognised research governance frameworks. These aren’t optional requirements. They’re the foundation of how we operate. We actively embed best practice in our day-to-day work, combining legal compliance with a commitment to trusted, ethical research.

We are also proud to be certified under the government-backed Cyber Essentials scheme. That means our internal systems meet key technical standards designed to guard against the most common cyber threats. For clients and collaborators, it is one more sign that we take data protection seriously.

Whether you are a digital health business preparing for NHS onboarding, an academic partner or a research team planning work with patients and staff, we know how to help you meet your obligations, reassure participants and keep your project on track.

Why data protection matters in our work

We deal with knowledge, experiences and stories that are often highly personal.

"That means data protection is not just a technical exercise. It is part of how we build confidence in the process and create the conditions for meaningful participation.”

In regulated sectors like health and care, good data protection is also a signal of professionalism. It shows that your organisation can be trusted with sensitive data. It makes it easier to meet funder expectations, gain ethical approval, and navigate NHS information governance requirements.

That is why we start from strong foundations. We base our work on the seven principles set out in UK GDPR, and we translate them into practical habits across every stage of a project.

What the seven principles look like in action

These principles come directly from UK data protection law, and we use them to guide our approach from planning through to delivery and closure.

  • Lawfulness, fairness and transparency
    We explain what data we are collecting, why we need it, how it will be used and who will see it. We do this clearly and accessibly, using plain language and tested materials.
  • Purpose limitation
    We only use the data for the reason it was collected. If we want to use it for something else, we assess whether that is appropriate and seek new consent where needed.
  • Data minimisation
    We only collect the information needed to answer the research question. Nothing extra.
  • Accuracy
    We make sure the data is up to date and correct. We offer people ways to check and update their information.
  • Storage limitation
    We retain data only for as long as needed. We follow clear retention schedules and delete information securely.
  • Integrity and confidentiality
    We use appropriate technical and organisational measures to protect data from loss, misuse or unauthorised access.
  • Accountability
    We document our decisions, train our team regularly and continually improve our systems. If something were to go wrong, we would act quickly and transparently.

These principles are not just about compliance. They help us uphold the values that shape our work: being rigorous, relevant, and respectful of the people and organisations we support.

Understanding the legal basis for using data

As well as following these principles, we always help our clients identify and make clear a lawful basis before collecting or using personal data. The most relevant ones for our work are:

  • Consent
    We often use consent when involving participants in research. This means people give clear, informed agreement for their data to be used. We make sure consent is freely given, specific, and easy to withdraw.
  • Public task
    When our work is commissioned by public bodies or forms part of a publicly funded research programme, we may rely on the public task basis. This applies when the activity supports the delivery of a function in the public interest.
  • Legitimate interests
    In some cases, especially when working with organisational clients outside the public sector, we may rely on legitimate interests. We always assess whether this is fair, balanced, and expected by the people whose data is involved.
"Understanding the legal basis is not just a technical step. It helps us stay grounded in purpose. Each basis reflects a different kind of relationship with the people we are working with. By choosing carefully, we stay aligned with our values of inclusion, transparency and integrity.

Designed to support your standards

We align our processes with frameworks commonly used across health and care, academia and the wider research ecosystem. These include Health Research Authority (HRA) regulations, NHS data security and protection requirements, university research governance protocols, and funder standards such as the UK Research Integrity Office principles.

Because we understand the different pressures that our partners face, we can help shape studies that are ready for scrutiny, whether by ethics committees, procurement panels, or patient and public involvement groups.

For clients who do not work within NHS or academic frameworks but still need to demonstrate ethical, high quality research practices, we have also joined the Market Research Society. It sets clear expectations for responsible research. These are standards we build into every project to give our clients added confidence in the way we work.

Built for trust. Ready for scrutiny.

We believe good data protection should never get in the way of research. It should make it better.

When people trust us to handle their information well, they are more willing to take part. When clients can show they have partnered with an organisation that takes data protection seriously, they move faster and with more confidence.

Our approach is designed to be rigorous, practical and aligned to the real-world demands of healthcare improvement. If you are planning research, testing new solutions, or looking for a partner who can help you listen carefully and act responsibly, we would love to hear from you.

Contact our Insight and Innovation team today to discover how we can help.

Related articles

January 24, 2024
Methods

9 top tips for questionnaire success

Privacy Policy
Terms & Conditions
Accessibility
© 2025 Thiscovery
Follow us on