The Speedwell study was set up as a prospective cohort study to look at the determinants of cardiovascular disease, though over time other phenotypes of interest have been added. It recruited men aged 45-59 years of age from 16 General Practitioners based at two health centres. The study used a common core protocol with the Caerphilly Prospective study (CaPS) and for some blood assays, the same laboratories were used. Men were invited to research clinics were they completed questionnaires, had clinical measures such as blood pressure and blood samples taken. In general, the array of exposures and phenotypes was less extensive than that collected for CaPS. Over time men were seen over an additional 4 clinics and at phase 5, cognitive function and retinal photographs were added. Were possible, joint analyses with CaPS have been undertaken e.g. risk factors for stroke. Data from the Speedwell study has contributed to pooled meta-analyses with other epidemiological cohort studies.
Information security and privacy notice
The data we have collected on you for the Speedwell study is to enable us to look at what risk or protective factors may be associated with a wide range of chronic diseases, such as heart disease, stroke, dementia etc. We have a wide range of different types of data; (a) questionnaire – either self-report or responses to an interviewer, (b) clinic measurements - things like weight or blood pressure, (c) biomarkers – measures derived from a blood sample such as cholesterol or genetic variations (d) cognitive function tests of memory (e) outcome data such as whether you have had a heart attack from medical records or other sources.
We take data security very seriously and adhere fully to the University of Bristol’s data protection and information security policies and procedures. University of Bristol is the Data Controller, and is responsible for ensuring that all data are securely stored, handled and used in accordance with the Data Protection Act 2018 and General Data Protection Regulation (GDPR). University of Bristol data policies and procedures comply with legislative and regulatory requirements, including NHS standards. The principal investigator remains the Data Custodian and oversees the way in which the study members’ data are looked after.
All contact information, such as names, addresses and telephone numbers of study members, is stored on an IT network that is protected by digital access controls, firewalls, security testing, full auditing, and other security provisions, to protect against the risk of unauthorised access. This system is also physically locked down and is only accessible by authorised personnel.
The same security measures are applied to all data that has been collected on study participants, be it questionnaire, clinical data or from any blood samples. All participants are coded with an arbitrary reference number, which means that researchers analysing results cannot directly identify participants and never see any contact information. Similarly, any data that is shared with research collaborators is fully anonymised to protect confidentiality and only used for approved ethical research purposes. All paper records are kept locked away in a secure storage area with restricted access. We will keep your data until we feel it no longer can add to our scientific knowledge and help society. At this moment this will review the value of the study again in 2025 at which point we will decide if we should continue to look after the data for longer or destroy it.
The legal basis for personal data to be obtained and processed for this purpose is Article 6 (1) (e) of the GDPR, which covers processing that is necessary for the performance of a task carried out in the public interest. The legal basis for processing information about particpants’ health is Article 9 (2) (i), which covers processing that is necessary for reasons of public interest in the area of public health, and Article 9 (2) (j) that covers processing that is necessary for reasons of public interest in the area of research.
Participants whose data is being processed have certain rights over their data. Further details can be found in the University of Bristol’s Data Protection Policy. Anyone who believes their data is being processed in a way that isn’t fully compliant with requirements has the right to submit a complaint to the Information Commissioner’s Office.
Any queries about the University of Bristol’s compliance with data protection requirements should be directed to firstname.lastname@example.org or (0117) 3941824.