This overview document covers important information to consider before exploring the guidance documents for each specific agreement and contract type. It also provides a summary of what each agreement or contract is useful for, when each should be in place and why each is necessary. This overview also limits itself to those agreements that can be made and are enforceable under current UK regulations and when any organisation enters into a collaboration with one or more external collaborators. 

Guidance

‘Agreement’ and ‘contract’ are sometimes used interchangeably; these words however have distinct meanings. An agreement refers to a mutual understanding or consensus reached between two or more parties. Agreements can be written or verbal and rely on honour rather than enforceability. If one party fails to fulfil their promise in an agreement, the other party is usually not entitled to legal remedies. Some agreements can have legally binding clauses often with schedules which are attached documents containing additional information detailing the specific clause in question. These types of agreements can then be considered legal documents and will need legal oversight before signing and coming into force. A contract is a specific, formal, and legally binding agreement between two or more parties. It meets certain requirements designed to create enforceable obligations. if one organisation or individual breaches any part of the contract the other party has the right to take legal action.  

Agreements and contracts are important documents when groups come together. It allows for the development of an agreed standard way of working and protects individuals and organisations against potential negative actions that may develop during and often following the completion of the research. Although research can also be funded by grants, which have different deliverable, legal and financial implications, the current guidance is based solely on contract-based research. 

It is also important to ensure you have the right people in the right roles supporting your project and that their roles and responsibilities are in line with the UK Policy Framework for Health and Social Care Research and its applicable legislation. Further information on the roles and responsibilities of all individuals and organisations is set out in more detail in each contract guidance document.

Contracts and agreements are the foundations of successful research interactions, providing clarity, protection, and trust. The following sections clarify some of the reasons why you should use this approach to support and protect your research: 

Clarity and expectations: Both contracts and agreements provide clarity on the rights, obligations, expectations and deliverables of all parties involved with the research.   

Risk: The use of agreements helps identify and mitigate any potential ethical, regulatory or personnel issues with your research upfront. It will also help identify the ways and means of dealing with these problems and thus help protect the collaborating organisations, participants and research personnel from any costly legal proceedings. 

Legal protection: Agreements can, but contracts do serve as legally binding documents that can be enforced in court. They protect research, ensure compliance and safeguard intellectual property rights and confidential information. 

Relationship building: Well-drafted agreements foster trust, and professionalism, help define roles and responsibilities and demonstrate commitment and reliability that enhance research relationships.

When drafting and executing a contract or agreement there are many contractual elements that need to be considered. Although not exhaustive, the key areas listed below and those identified under the specific contract guidance document will need to be addressed.

Negotiation

Negotiation is the first step to ensure the highest standard of rigour, integrity and best research practice is achieved during the research project.  The roles and responsibilities of all individuals and organisations will need to be carefully considered and any agreed contracts should be compatible with all local and national policies, procedures and guidelines before the study starts.  

Intellectual property (IP)

Prior to any project, patent searches may need to be conducted to ensure legal protection of any innovative equipment used or constructed during the research is considered. Intellectual property ownership rights will also need to be agreed upon at the start and the potential for any breaches of IP rights addressed. It is also the obligation of staff to exercise due care in managing IP issues and that all IP used or developed during the research is protected under an appropriate insurance policy. 

Confidentiality

Confidentiality and information governance must be clear before any project is started. Policies must be in place and clearly articulated, especially around the use, ownership and storage of personal data. Where specific sensitive or confidential information is to be handled and used during the project a non-disclosure agreement should be prepared and in place prior to any research activity being undertaken. All organisations that will conduct research must therefore have a clear understanding of what can and cannot be undertaken around their current policy structures.  Additionally, any important proprietary information or knowledge developed under the research project must not be disclosed in any format to any external party prior to having agreed terms governing access and use of such information. All organisations should ensure that their background IP are protected by confidentiality agreements as any accidental disclosure could potentially destroy the ability to patent any IP, cause financial loss, reputational damage or even inhibit the ability to publish the results of the project. The duration of a confidentiality agreement may vary depending on the project, but 3-5 years is often sufficient as a starting point.   

Right to publish

An agreed publishing plan should be prepared in advance of the project as some ethical considerations, management and collaborators may dictate where the research can be published. In accordance with good research practice, results should be published as quickly as possible. 

Liabilities and warranties

The research personnel should not be put in any unreasonable risk in the delivery of the project. As such, terms that are fair and reasonable and that are in line with the project's insurance policy should be considered. The first port of call for the sponsor is with their legal team as many liability clauses can be lengthy and complex.  

Policies and best practice

The research team should conduct themselves in accordance with the best research practice and adhere to all local and national laws and policies as detailed in any agreed contract. All staff should be trained and be familiar with all the key policies and guidelines before any research is undertaken. Support for best practice research can be discussed with ethical review bodies that are approached prior to the start of any studies.

Contract management involves the whole life cycle of the agreement. From negotiation through to creation, execution, monitoring and closeout. It is also critical for any research team and participating organisation that all potential contractual obligations are met and comply with all local and national regulations.

To ensure an effective contract management approach is successful it needs to be transparent, reduce risk and can eventually lead to a successful outcome for the project. It may involve collaboration between a whole host of different legal, procurement and operational teams within all participating organisations. Whether a contract management approach is required will depend on the number and complexity of the projects that are run. However, a consistent and standardised approach across all projects helps to deliver research on time and to budget. Some of the key areas of contract management are outlined below. 

Contract drafting

Negotiation is the first step in creating and drafting a contract. All parties need to agree on the objectives, scope, deliverables, risk and many other key features before signing and moving forward. 

Risk

The identification, evaluation and mitigation procedures must be established to limit the potential hazards to the project team and organisations. Consideration of the risks associated with the project will help reduce the potential of adverse legal issues, lost opportunities and a potentially negative impact on the project. Best practice should therefore be employed to reduce potential risk through regular risk assessments, clear communication procedures and training.  

Contract execution

This is where the terms and conditions of the contract become active. Regular reviews of the contract will demonstrate whether the terms are sufficient for a successful delivery of the project and whether there are omissions that need to be dealt with. 

Compliance

Regular reviews, assessments and monitoring of the contract are required to ensure compliance with regulatory requirements and internal policies and guidelines. 

Change management

This is where changes and modifications of existing contracts are managed. Unexpected developments, regulatory changes or shifts in the strategic direction of the collaborating organisations will need to be documented and agreements updated if any changes have the potential to seriously impact the research and final deliverables.  It should be clearly documented within the research governance framework who can undertake these changes and when.  

Disputes

To ensure the continuing harmony in relationships between collaborators and that contractual obligations are upheld, the management of dispute resolution and control becomes very important. A dispute resolution clause within the agreement can greatly help this approach. 

Contract closure

Once all parties and organisations have delivered on the research obligations, the contract can formally be closed and archived and the publication strategy enacted upon.   

This checklist contains elements that need to be considered during the whole life cycle of the contract. Although these elements may not constitute an exhaustive list and do not relate to any specific contract, it does highlight the main areas that any contracts or project manager needs to consider. It should also be noted that the contract owner is advised to work through the checklist in a stepwise manner to capture those components that are needed to support drafting of an effective contract.

Contracts management checklist

In the sections below, a brief description of why and when each agreement should be used is included. This will help the reader decide whether the agreement or contract will support their research needs. It should be noted that there are many other agreements that operate at different levels between organisations, the ones highlighted below focus primarily on collaborative research. For more detailed information, refer to the specific section in this guidance document. 

Memorandum of Understanding (MoU)

An MoU outlines the key terms and conditions of the research collaboration and is an agreement drafted and signed by all parties before a more enforceable contract is entered into. The MoU thus helps formalise and structure the collaboration and supports the application for funding, primarily by ensuring that all factors are considered before any research activities are undertaken.      

When to use an MoU:

• Negotiation: This agreement is useful to explore potential collaborations and to build the research plan prior to the start of the project.

• Legal: An MoU is usually not legally binding or enforceable. This gives all parties the opportunity to walk away from the collaboration without any legal consequences.

• Trust: This document helps build trust and communication between all collaborators.

• Clarification: MoUs help establish project goals, responsibilities, resources and deliverables.

For those projects that are undertaken internally by local authorities and where there is only one project owner, an MoU can be used in conjunction with project management documentation in support of the research. Where external research is undertaken and where there may be several collaborators involved in the project, upgrading a MoU to a more legally binding contract, such as a collaboration contract, is advisable.   

Non-disclosure agreement (NDA)

An NDA is a legally binding document between two or more parties. It outlines the confidential information, materials or knowledge that is shared between individuals or organisations within the collaboration. This agreement thus ensures that any personal or commercially sensitive material is legally protected during and beyond the collaboration.

When to use an NDA:

• Negotiation: When entering discussions with potential collaborators, this type of contract should be considered before any proprietary or confidential information is shared.

• Timing: Drafting and signing of the contract should be undertaken before the start of a project.

• Legal: Appropriate legal advice should be sourced and contact maintained before, during and following the signing of the contract.

More information on one-way NDAs, mutual NDAs, and those detailed elements typically included in an NDA can be found in the specific NDA Section of this document.

Collaboration agreement

A collaboration agreement is a legally binding contract between two or more parties that are involved in a research project. This contract is the most common form of agreement that is used between collaborating research groups and when drafted and signed may contain several legally binding clauses. This type of agreement is used to formalise and structure the research project in collaboration with other contributing partners and when any sensitive or confidential information or material is used or collected during the project, specifically if it needs to be protected under UK law.

When to use a collaboration agreement:

• Negotiation: Discussing and drafting the research plan and contract should be undertaken before the start of the project. Legally binding clauses can be added unless extensive and more detailed protective and legally enforceable measures are needed. In this instance, separate contracts should be considered.

• Legal: Where intellectual property or sensitive information is used and shared, a collaboration agreement is favoured over an MoU. Legal teams within each collaborating organisation should be involved in drafting and executing the contract.

A collaboration contract ensures that a productive, protected, agreed and mutually beneficial partnership is established, and that clear guidelines and expectations are set and agreed upon from the onset.  

Intellectual Property (IP)

The IP contract is a legally binding document that aids in the support of an organisation's IP, whether it is brought into the project or whether it is created during the research. These contracts exist where there is any potential commercial advantage that can develop from the research.

When to use an IP contract:

• Negotiation: When entering into discussions during the construction of an MoU or a collaboration agreement, any IP will need to be considered, and specific clauses in the agreement included. Where more extensive and detailed protection is required a separate IP contract should be considered.

• Legal: The collaborating organisations will need to include their legal teams in the drafting of the contract. The funding organisation may also have IP specific terms and will need to be addressed when setting up an IP contract. 

• Third-party IP: Any IP used from external sources needs to be considered and detailed in the contract during the drafting process.

• Commercialisation: The commercialisation of any new IP generated during the project will need to be considered and detailed in the contract.  

There are also three main types of agreements where IP can be protected, an NDA, a licensing agreement, and an assignment agreement. The guidance document for intellectual property expands on these in more detail, along with key elements that should be included when drafting this type of contract. In all cases, these agreements should be considered before any research activities are undertaken. 

Data processing agreement (DPA)

A DPA is a legal contract that determines the rights and obligations of the collaborating organisations and those parties involved in the processing of regulatable information. It is a legal requirement if personal data is collected, used and processed by a third party. The DPA is concerned primarily with the data controller (an organisation or individual that determines the reason behind the need to process the data) and the data processor (any third-party organisation that is providing the data processing activity).

When to use a DPA:

• Negotiation: During early project-based discussions with potential collaborators, research that will involve the collection, processing and storing of personal data will require a DPA to be implemented. 

• Information: In conjunction with a Data Sharing Agreement, any personal, sensitive and confidential data must be legally protected. 

• Legal: Compliance with the UK GDPR and the Data Protection Act 2018 must be adhered to. 

• Security: The appropriate security measures need to be in place in all organisations that will be handling and processing any personal information.

Data sharing agreement (DSA)

A DSA is a legally binding contract that establishes the standards, roles, purpose and use of personal data by all collaborating parties. It helps demonstrate that all the required legal obligations are being met under the UK GDPR and the Data Protection Act of 2018.

When to use a DSA:

• Negotiations: Collaborating researchers and organisations involved in the collection, sharing and processing of personal information will need to implement a DSA before the start of the research. 

• Information: A DSA ensures that all parties adhere to data protection laws.

• Legal: All organisations involved in the handling of personal, sensitive and confidential information must abide by all relevant regulations and guidelines.

Research funder contract

This contract issued by the research funder following a successful application is a legally binding agreement that must be agreed and signed by the research group before the research starts and before any monies are released. The contract terms and conditions must be reviewed and accepted prior to the release of funds

When to use a research funder contract:

• Negotiations: The terms and conditions of the funder must be considered during the preparation phase of the research application. These should be discussed with all collaborating organisations to ensure that the project will adhere to the funder’s terms.

• Information: Contracts from different funding organisations may differ and the sponsor will need to ensure that there are no clauses present that will significantly impact the funded organisation. 

• Legal: Prior to submission of the research project application and prior to signing the funders contract to initiate release of funds, each collaborating organisation’s legal team should be aware and have agreed that the project can go forward.

This decision tool helps clarify the steps involved in selecting an agreement or contract. It outlines the responsibilities of the lead researcher, research organisation, funders, and legal team. The activities are divided into two interconnected phases: 'pre-award' and 'post-award'.

When using the decision tool, note that:

• an oval indicates either ‘start’ or ‘end’ of the decision tool

• a rectangle indicates a task or action

• a banner signifies that a subprocesses exist

• a rhombus contains an agreement or contract type/s

• a diamond indicates a decision point with either a ‘yes’ or ‘no’ pathway

Project complexity

The complexity of a project should be assessed on an individual basis. For this decision tool, the key points that influence the level of complexity of a project include: scope, budget, duration, stakeholder/s, resource/s, risk and ethics. Specific parameters for each factor have not been defined as this will largely be influenced by the organisation and moving factors. Access to additional support, at any stage in the preparation and execution of the project is encouraged as this will help clarify and improve the project at all stages of the research process.

A final note

Agreements and contracts are a complex area and, therefore, it is important to note that the decision tool is not an exhaustive pathway. An effort to simplify the process to provide a top-level view has been made, and there will be variations in this process that are not accounted for in this tool. It should also be noted that where no external collaboration is sought and the study is being conducted in-house, an MoU may still act as a document in support of the funding application. 

A memorandum of understanding (MoU) is usually a non-legal pre-contract agreement that can help clarify the commitments, resources and other considerations that will be needed to complete the research project. It is usually set up before any planned research activities are undertaken, and all involved groups should sign and agree to the plan. Also, by considering the major risk factors associated with this type of agreement and applying the recommendations highlighted in this guidance document, the agreement will help formalise the approach to the research and lead the project team to a successful funding application.

Introduction

An MoU is usually not legally binding but serves as a statement of serious intent. It clarifies the commitments, resources, and other considerations that each group will bring to the research activities. Clarification from your legal team will be necessary to ensure that clauses in the draft MoU do not breach any existing legal or regulatory policies and guidelines. 

Before reaching an agreement, many research ideas and thoughts will involve some initial and informal discussion with potential partners. An MoU consolidates these ideas and allows all groups to clearly understand their roles and commitments prior to a more extensive and legally binding contract, such as a collaboration contract. 

It should be noted that an MoU can be set up at any time before research activities are undertaken. Generally, before an MoU can be agreed, the following is needed: 

• a research idea that is novel and supports the strategic requirement of the applicant's organisation 

• identified possible funding stream/s as this may inform the research proposal and hence the MoU

• identified collaborators that will support the research project through skills and knowledge not available in the research proposer’s organisation 

Once an MoU has been agreed, the following can occur:

• complete/finalise the funding application

• submit proposal for review and acceptance of funding

• commence consideration of formal contract(s) - if there are data confidentiality issues, legal and commercial sensitivities that need to be considered and protected

• for intellectual property (IP) issues, consider a non-disclosure agreement (NDA) or other more specific IP contracts

• for confidentiality matters, a data sharing and processing agreement may be required

• any outstanding regulatory required approvals will need to be finalised, such as the data protection impact assessment when sharing and handling personal data

Key elements of the agreement

The following key elements should be considered when drafting an MoU: 

• Parties: The document should clearly state the organisations, and where appropriate, the individuals that will be involved in the collaboration. 

• Responsibilities: The key responsibilities and roles of the participating organisations or individuals will need to be clearly documented. 

• Scope and intended action: Describe the purpose of the MoU. What specific project, collaboration, or initiative does it cover? Be concise and specific.  

• Principles and objectives: The overall timelines, objectives and deliverables need to be clearly stated in the agreement.

• Duration and termination: The duration of the agreement should be documented, with agreed dates for the start and end of the collaboration. Include provisions for how either party can terminate the MoU if necessary.  

• Accountability and governance: Provide clarity on what each partner is contributing and receiving. This helps governing boards scrutinise and sign off on the collaboration. It is essential for gaining support and ensuring continuity even if personnel changes occur. 

• Integration into strategy and ethos: Consider how the partnership aligns with the overall strategy and ethos of the organisations involved. An MoU can help integrate partnerships into more stable and productive collaborations.   

• Impact evaluation: Set out the achievements that are expected to be realised. Include an opportunity for impact evaluation from the outset.

• Finance: A financial breakdown would be included in any research proposal and the MoU should have a broad consideration of costs and cost distribution.  

Download the MoU checklist

Sponsor responsibilities

Sponsors are ultimately responsible for delivering on the objectives of the project, with outputs aligning with the strategic direction of the organisation. This will include effectively leading the project, with significant support from the research team, and offering guidance when and if required. Additional financial and resource support, over and above that offered by the funder, may also be made available. Sponsors will often promote the project and can advocate for its success, thus helping to raise awareness and support from other parties interested in any future research collaboration. Finally, sponsors have a responsibility for the research team to ensure adherence to the details of the MoU, the funder's contractual terms and conditions, and that monitoring and accountability procedures are in place.

Researcher(s) responsibilities

There are several key responsibilities that the lead researcher is responsible for. Primarily this will include the drafting of the agreement, defining the scope and objectives of the research and whether there are any IP issues that need to be considered prior to the start of the project. The lead needs to consider whether any ethical approvals from key review bodies are required and that all activities are compliant with current laws and regulations. Effective and regular dialogue or a defined communication strategy needs to be in place throughout the research and after the project has finished. This will ensure that all reports are delivered to the funder and any adjustments and improvements to the agreement can be quickly instigated. Resource and financial management will need to be documented and properly managed. Documentation is another important area that will need to be managed. Progress reports, final reports, audits, personal data, and other types of documentation will need to be accurate, safely stored, and archived. All these activities will need to be written into the agreement, and where appropriate, training of personnel may need to be undertaken. Although this list of responsibilities is not exhaustive, the lead researcher, in collaboration with the sponsor and other key members of the research team and organisation, must ensure that all the appropriate actions are taken to deliver on all agreed objectives.

Research funder responsibilities

The research funding organisation can play an important role in supporting the collaboration before, during and after the research project. The most obvious responsibility is that the funder must ensure the delivery of the appropriate funds at the times specified in their terms and conditions. They may also provide some level of strategic guidance and support. They may facilitate access to additional resources such as expertise, technology, and networks. Oversight and accountability of the funds across the collaboration may also be requested and all parties must adhere to the funder’s terms and conditions. Finally, funders may often promote the collaboration and advocate for its success through a variety of different approaches, thus enhancing the visibility and impact of the research. 

Risks

The MoU is a useful document for outlining the objectives of the research and responsibilities of all collaborating organisations. This type of agreement is usually drafted prior to any application for funding and potentially before any formal contract is considered. There are several risks that are associated with an MoU and include:

• Enforceability: There may be no recourse if any individual or organisation fails to comply with the terms of the agreement. In addition, the document may not be signed by all collaborating parties, indicating disagreement between collaborators. This can delay and put the project delivery in jeopardy.  

• Change: The content of the MoU may change and may require regular updates and amendments. This could lead to delays, and unless a document capture system is in place, the loss of valuable information may occur. Changes in regulatory policies and guidelines during the project may also result in the MoU being inadequate for its intended use. 

• Time: The lack of consideration for how long elements of the agreement take, for example, relevant legal approvals, can result in missing reporting deadlines. 

• Communication: Without clear terms and legal clauses that accompany contracts, the MoU may not be as robust as it should be and put the project at a higher risk of miscommunication, thus negatively impacting the project.  

• Security: As MoUs are not generally legally binding, parties may not be morally bound by the document and thus unmet expectations may occur. If this is considered high risk, then the MoU could include legally binding clauses, or a legally binding collaboration contract could be a consideration. 

Recommendations

As many MoUs will not be legally binding and may only represent the desired plan, the following recommendations will help deliver an effective project:

• Negotiation: Clear and effective communication and negotiation between all parties is required. This is to ensure that all interested parties are clear on their responsibilities and the deliverables. Everyone should then sign and agree to the agreement.  

• Timing: The MoU needs to be agreed upon and signed before any research activity is undertaken. Early implementation of this agreement will help ensure clarity of approach for all collaborators and simplify the final research proposal and research activity. 

• Legal: The sponsor and lead researcher should pass the document across to their legal team for advice and to ensure that there are no intellectual property or data management issues. If more protection is required, then a more legally binding document would be needed. 

• Regulation: All appropriate laws, guidelines and regulations need to be addressed and covered in the MoU. 

These recommendations, though not exhaustive, will help the research team ensure that any collaboration activities are discussed, negotiated, and reviewed prior to deciding on whether the MoU or a more detailed and legally binding contract is required.

A non-disclosure agreement (NDA) is a contract between two or more organisations that wish to share confidential information within a clearly defined set of limits. These limits may be confined only to the research project and to a select number of individuals. In this way, commercially and personally sensitive information can be restricted, thus reducing any financial risks associated with free access to the material. Therefore, to ensure that an effective NDA is considered and in place prior to the start of the project, the responsibilities of key members of the research team, in addition to the risks associated with this type of agreement, are highlighted in this document. A list of recommendations is also included to further ensure that a clear and concise agreement is prepared that protects all aspects of confidentiality for all parties involved in the research.  

Introduction

An NDA is a contract that ensures that any confidential, sensitive, and legally relevant information is captured and agreed before any research is undertaken. There are two types of NDAs; one-way NDAs and Mutual NDAs. For one-way NDAs, only one party discloses confidential information, which the recipient agrees not to reveal to others. For mutual NDAs, both parties exchange confidential information and commit to keeping the shared information confidential. When more than two parties are involved, a multilateral NDA may be required.

Before an NDA can be agreed, access to the following may be needed:

• a developed research proposal identifying any sensitive or confidential information or material that needs to be legally protected 

• all collaborators involved in the research will need to be identified and should be party to the NDA

• identify intellectual property (IP) specific aspects of the research project that need to be covered and protected 

• identify and agree on an individual who will take responsibility and lead NDA discussions - this can vary depending on the institution and nature of the research

Once an NDA has been agreed and signed, the following can occur:  

• continue with the research application and submit for funding

• review the NDA at agreed times within the project to ensure that all clauses are still relevant 

Key elements of the agreement

An NDA primarily focuses on confidential information but can contain other materials such as trade secrets, business plans, customer lists and proprietary information. The core provision of the NDA is the obligation of the receiving parties to maintain confidentiality and safeguard the information for an agreed duration. The following items can be used to work through the required elements when drafting an NDA:

• Identification of the parties: The NDA should clearly identify those individuals and organisations that have access to confidential information. For one-way NDAs, the confidential material is exchanged between the owner of the material and the receiving party, who agrees not to release it to anyone outside of the research project. In two-way or mutual NDAs, both parties share and receive the confidential information, but as with the one-way NDA, it cannot be shared with anyone outside of the research project. 

• Define confidential information: The NDA must define what information, or any other material, is confidential. The definition must be precise and cover the nature and specifics of that material being disclosed. Secondary information derived from the primary source may also be included in the agreement. 

• Purpose: The intended purpose of the NDA and the Individuals within the team that will have access to the confidential information should be clearly identified and documented. 

• Timelines: The duration over which the confidential information is to be shared needs to be agreed, ensuring that it is not used indefinitely and for too long after the completion of the project. 

• Exclusions: Certain exceptions may apply, including information that is already in the public domain, information developed during the project independent of the study area, and information disclosed before the NDA started. 

• Enforceability: The NDA may need to be executed as a deed if it is one-way. If the confidential information becomes public knowledge, through whatever route, the NDA cannot be enforced. 

Download the NDA checklist

Sponsor responsibilities

The sponsor in conjunction with the lead researcher has several key responsibilities to ensure the successful completion of a non-disclosure agreement. The sponsor needs to ensure that the NDA clearly identifies what constitutes confidential information within the context of the research project, what the permitted purpose is for the disclosed information, who can access this material and under what conditions all this can be conducted. Monitoring and enforcement procedures need to be in place, and any breaches of confidentiality are dealt with quickly, especially as this could lead to costly legal action. The sponsor should also ensure that all parties understand and comply with the terms of the NDA, and for this to occur, they should ensure that the appropriate training and guidance is offered to all individuals who will have access to the information. As ultimately the sponsor manages and takes responsibility for this information, a clear and published policy should be available before the research is undertaken. Additionally, financial support should be in place to cover all eventualities where legal action may occur.

Researcher(s) responsibilities

Responsibilities identified under the sponsor are often taken on board, supported, and driven by the lead researcher. These include defining the confidential information, setting boundaries for disclosure, ensuring compliance, monitoring, training, guidance, and enforcement. Being at the forefront of the research, the researcher is also well-positioned to identify the potential risks associated with the collection and use of any confidential information, whether an NDA is required, what regulations, laws and guidance documents are available and how to manage the situation if any breaches of confidentiality are to occur. Effective and close communication with the sponsor is required to ensure the delivery of an effective NDA.

Research funder responsibilities

The funding organisations may require assurance that key areas associated with confidential information are supported and protected. The funder may require assurance that their terms and conditions are clearly understood and that a determination is made on whether an NDA would benefit the project. This discussion should be conducted with key stakeholders and collaborators of the project before any application is submitted.  

Risks 

The use of NDAs comes with certain risks, and all collaborators should be aware of these: 

• Enforceability: An incomplete and poorly drafted NDA may be problematic. If a breach of confidentiality does occur, this can lead to costly and time-consuming litigation. 

• Limitations: NDAs may not be able to protect against third-party disclosures, unless they have been identified and have signed the agreement.  

• Reputational damage: Even with a completely well-structured NDA that covers all aspects of confidentiality, breaches may occur, legal action sought, and reputational damage may develop.  

• Public health concerns: NDAs may be very restrictive and may delay or retard research activities leading to the failure to complete the project. 

It is important that a well-drafted NDA is produced by a knowledgeable contracts manager and reviewed by the organisation's legal team to ensure that all the necessary protective clauses are in place to limit any unnecessary risks to the organisation conducting the research.

Recommendations

It is important that a clear and concise agreement is prepared to protect all aspects of confidentiality that are present or that develop out of the research. As such, there are several recommendations that should be considered when preparing an NDA:

• Confidential information: A detailed and exhaustive list of confidential information that will need protection is required. A discussion and review of the NDA should be undertaken with the contract manager and sponsor to ensure that all limitations and the potential financial and reputational impact following a breach of the agreement can be avoided. 

• Scope: The scope of the confidential information needs to be in place. This will include all receiving parties, the purpose of the information, any exceptions, and the duration over which this information can be used. 

• Return or destruction: A clause will be required to identify how information is to be returned or destroyed at the end of the agreement. 

• Obligations: The obligations of the receiving party must be clearly stated, including what encryption measures will be used, the type, extent, and security of the storage location. Additionally, the information should only be accessed by defined and authorised personnel. 

• Exclusions: Any exclusions to the confidentiality obligations need to be identified. This may include information that becomes public through no fault of the receiving party. 

• Legal: The agreement should specify all legal remedies that may be needed following any breach of the confidential information. The agreement should also be constructed and reviewed by the organisation's legal team. This will ensure that the NDA complies with all relevant laws and that it protects the interests of the research team and all organisations involved in the research. 

 Although not exhaustive, the recommendations should significantly reduce the potential impact of any breach of this type of agreement.

A collaboration agreement is a legally binding document that outlines the terms and conditions of the project, the scope of the collaboration, the objectives of the research, and each participant’s distinctive roles, responsibilities and contributions within the project. It is prepared, agreed, and signed at the beginning of any joint research activity. For other types of collaborative work, such as evaluations, if one or more external collaborators are involved, personal data is shared and the issue of IP is raised, further discussions with the contract manager will need to be undertaken to ensure that the activity is legal and that stronger supportive documentation is considered and in place. This guidance document therefore highlights some of the key legal, financial and managerial risks associated with the preparation of this type of agreement, in addition to several recommendations that will help researchers prepare an effective and legally binding document. 

Introduction

A collaborative research project may involve a multitude of individuals from a variety of different academic and other organisations, including local authorities, that work together to achieve a common goal. This type of contract is therefore required to ensure a productive, protected, agreed and mutually beneficial partnership is established, and which sets out clear guidelines and expectations from the onset. 

Before a collaboration agreement can be implemented, the following is needed:

• the parties involved in the research collaboration should be clearly identified

• the objectives of all parties in the collaboration will need to be defined

• a sponsor should be identified and agreed - they should take ultimate responsibility for the research and ensure that all legal and contractual processes are in place

• all collaborators should consider any conflicts of interest that may arise in the collaboration - ideally, this may have already been addressed in a memorandum of understanding (MoU) or some other plan prepared prior to the acceptance of the research project

• the research proposal should be compliant with all relevant laws and regulations and ethical guidelines and standards, especially when handling personal data 

Once a collaboration agreement is signed and agreed, the following can occur:

• the research project can commence, including the allocation of resources such as personnel and equipment. 

• a reporting plan should be prepared and agreed between the collaborating teams, including a plan to monitor progress and to address any issues should they develop

Key elements of the agreement

A collaboration agreement is a legally binding contract that outlines the terms and responsibilities of staff involved in the research project. Careful consideration of the level of legal and enforceable clauses will need to be addressed to determine whether additional contracts are required in support. The following points can be used when drafting a collaboration agreement:

• Purpose and scope: This section should clarify the purpose of the research, its objectives and ultimately its deliverables. It should show how the benefits or deliverables of the project will be used to advance the current understanding of this area of research. 

• Parties involved: All organisations and potentially key individuals that will be involved in the collaboration will need to be identified. It should clearly describe how these groups will participate in the research and what roles, responsibilities and obligations they will have to meet. 

• Disputes and resolutions: Disputes within and external to the project and the approach that will be taken to resolve these need to be clear and documented within the agreement.

• Confidentiality: Establish the rules regarding the confidentiality of any shared information or knowledge. It will need to be clear between all collaborating parties how this material is obtained, used, shared and stored. The agreement should detail any procedures and processes that will need to be in place to ensure data privacy and compliance with all relevant laws and regulations. Details clarifying any intellectual property rights, ownership and usage will also need to be covered.  

• Communication: The agreement should include monitoring procedures, reporting frequencies, financial schedules, dissemination of the results and all communication that is conducted within and external to the project. A contract management approach with an assigned project manager may be appropriate where large projects are entered intoin to. 

Where possible, all MoUs or plan documents that are used to apply for funding can be used to construct the collaboration agreement. 

Download the collaboration agreement checklist

Sponsor responsibilities

The sponsor plays an important role in this type of contract and, in conjunction with many of the members of the research team, they have several key responsibilities that must be met. The sponsor will advocate for the research, ensuring it aligns with the strategic goal of the organisation. They will also make critical go/no-go decisions at various stages and ensure all key policies and procedures are in place and followed. They will also support any changes in the agreement that might occur during the life of the project. Sponsors may have strong relationships with key stakeholders, promoting support and collaboration across different departments and external organisations. They will also take ultimate responsibility for failures of legal, regulatory, ethical compliance, IP and other areas of risk that may have organisational impact. They can act as arbiters for resolving conflicts that cannot be managed. With support of the team leader, the construction of the agreement must be ratified by the sponsor and ensure that the appropriate protective and insurance policies are in place to allow the project to progress.    

Researcher(s) responsibilities

The lead researcher is key to the success of the collaboration agreement as they are responsible for the overall execution and direction of the project. Managing the day-to-day activities, the lead, possibly in conjunction with a project manager and with the support of the sponsor, will help coordinate tasks, manage timelines and ensure objectives are delivered on time and to budget. Through the application of good scientific leadership, the lead researcher is responsible for the overall execution and direction of the research project. With other key members of the team. The lead will also ensure the day-to-day activities are in line with good research practice. The lead should monitor that all activities comply with relevant ethical guidelines, laws and regulations. An effective communication strategy must be in place so that all members of the team, key stakeholders, collaborators and any externally interested parties are aware of the progress and the beneficial outputsout puts of the project. Detailed documentation, reports and records will need to be maintained, an approach that should help resolve and clarify any conflicts or issues that may arise. Where an acceptable resolution cannot be achieved, the sponsor may be asked to intervene. Finally, the lead researcher is the one who helps put the project details together and is the one whothat is central to the effective completion of the project and delivery of any benefits that may arise.

Research funder responsibilities

The funding organisation may have several responsibilities associated with the effective delivery of the research project. As with all contracts of this type, the funders will have a set of terms and conditions that the researchers will have had time to read and will need to be familiar with prior to the start of the project. Once the funds become available, they will need to be disbursed in a timely manner and to agreed times and dates. Other requests that the funder could ask for may include evidence on compliance with data protection, current laws and regulations and any specific health and safety issues. Many funding organisations may also support communication between disparate organisations and help the delivery of the project through arranging external meetings, workshops and other events. At the end of the research the funding organisation may evaluate the project on the agreed objectives, the final cost and whether future support should be considered. 

Risks

Several risks can impact the successful completion of a collaboration contract, includingthese include:

• Clarity: Failure to make things clear in the contract can lead to disputes and failure to meet key deliverables. Non-compliance issues may also arise, and this could lead to legal challenges, fines and possible reputational damage.   

• Finance: Lack of appropriate procedures can result in budget overruns and insufficient funds to complete the project.

• Data security: Breaches of confidentiality or data security issues, disagreements over IP, and failure to protect confidential information can hinder collaboration, damage trust between parties, and can lead to legal and financial problems.

• Cultural differences: A lack of understanding and support whilst working across different cultures can significantly impact the success of the project.

• Resources: Inadequate planning on resource requirements such as finance, equipment and personnel can seriously delay the project and potentially impact its deliverables.

• Goals: Conflicting goals, deliverables and objectives between collaborators can lead to disagreements and delay agreed project deliverables. 

• Management: Ineffective and constant change in the leadership can result in poor decision making, lack of direction and support and eventually low team morale.

Being aware of all the potential risks and ensuring these are covered in the agreement. Once signed, all collaborators will clearly understand their roles, objectives and ways to mitigate issues to collectively deliver on the project.

Recommendations

For a successful collaboration agreement, the following, though not exhaustive, should be considered:

• Objectives and scope: The goals, objectives, scope and the roles and responsibilities of individuals and organisations involved in the project must be clearly established, written into the agreement and signed by all parties. This will help align all parties, expectations will be clear, it should prevent overlapping activities and ensure accountability.  

• Resources: Ensure the project is appropriately costed and well controlled. Also, consideration should be made on whether there is enough equipment and personnel available to deliver on agreed outputs as this can seriously delay and impact the project deliverables.  

• Communication: The agreement should highlight the communication strategy that will be used in the project. Using a centralised platform, if possible, will keep everyone informed on progress, deliverables and hopefully prevent any misunderstandings. This platform will also help with regular progress and final reports, publications, feedback and improvement suggestions. 

• Risk management: A risk management approach should also be employed. This should identify any potential risks early in the drafting of the agreement and thus allow the appropriate mitigation strategies to be in place and ready to be deployed. This proactive approach will manage uncertainties and keep the project on track.

• Compliance: Ensure that all research activities comply with the relevant UK laws and regulations and that these activities are clearly identified and accepted by all parties in the agreement.

• Training: Training and support workshops should be considered. This will ensure all parties understand their roles and that the team is ready and able to effectively run the project, especially when cross-cultural research activities are involved. 

• Conflict resolution: Clear mechanisms must be established for resolving any conflict that arises during the project, and should be made clear in the agreement. 

By following these recommendations, many of the major obstacles can be eliminated or reduced.

An intellectual property (IP) contract outlines the terms and conditions for protecting the ownership, use and rights of an organisation's IP and when employees create inventions as part of their activities during the research project. Therefore, it is important to ensure that the key members of the team are aware of their own responsibilities and the risks associated when drafting an IP contract. To ensure that an effective IP agreement is in place, this guidance document also highlights some important recommendations that should be considered prior to the start of the project.   

Introduction

Intellectual property refers to existing IP and creations and are protected fully under UK law. This contract would typically include artistic works, designs, symbols and include terms on how the IP is used, transferred and licensed. The IP should only be used for the specific project identified in the contract, and any future use of this information or materials should be discussed and another IP contract considered. 

IP agreements are important because they provide:

• maintain proprietary ideas within a defined boundary and provide a significant competitive advantage

• protection and preventing employees from using their skills to compete with the company

• insurance that all parties – employers and employees – are on the same page regarding IP ownership and usage

Most IP contracts include a license in their terms. There are three main types of agreements in which intellectual property can be protected. These include the non-disclosure, licensing and assignment agreements, one or all of which should be considered and set up before the start of the research activity. 

Before an IP contract can be agreed and before the start of any research activity, the following is needed:

• consider whether any IP-specific information or material is needed within the project 

• determine whether an NDA is in place, and if not, consider implementing either an NDA or IP contract

• if a collaboration contract is already in place, it may have an IP clause - if, however, any IP is of significant financial and reputational importance, then a specific IP contract should be considered

• identify if the information derived from the project, using the IP, can be published (it would then become open source)

 Once an IP contract has been agreed, the following can occur:

• the IP can be released by the owner for use within the project

As one of the three main types of contracts that protect IP, the NDA can be used to protect confidential information where parties who share sensitive information during negotiations or collaborations will not disclose or misuse that information.  For license agreements, which are also legally binding documents, the owner of the IP grants the licensee the right to use the IP. Terms such as scope of use, duration and financial arrangements should be included in the agreement. It should also be made clear in the licensing agreement if the results generated can be published and used for the betterment of the public. Licensing agreements also allow parties to control the IP and enter new markets without significant upfront costs. Some common types of licensing agreements include trade secret licenses, trademark licenses, patent licenses and copyright licenses. An assignment agreement can also protect IP and involves the transfer of intellectual property rights from one party to another. 

Key elements of the agreement

An IP agreement primarily focuses on defining and protecting the rights relating to IP. The key elements that this type of agreement covers include:

• Granting of rights:  Outline the IP being considered and the scope of the rights that are being granted. It will also include the degree of exclusivity, details of the geographical limitation and the rules under which the licensee can operate with the IP. The agreement should also address any IP created by employees during the project that may have an impact and how this will be addressed. 

• Restrictions: The limitations on the use of the IP by the licensee should be highlighted. The restrictions imposed in the agreement should ensure that the IP is used appropriately and in line with the requirements of the research project. 

• Termination and duration: The duration of the license under which the IP remains in effect should be specified in addition to any grounds for termination. The rights and obligations of all parties having access to the IP should also be addressed. 

• IP ownership: Defining ownership of the IP ensures clarity and protection of the owner and all other parties. However, although the license grants usage to selected individuals or teams, it does not grant ownership. The usage of the IP would then be restricted to that defined within the agreement. 

• Confidentiality and registrations: To protect proprietary knowledge, trade secrets, and clarity around the organisation’s rights over all the IP assets’ confidentiality, patent and copyright clauses need to be embedded in the agreement.  

• Dispute resolution: The role of negotiation, mediation and arbitration in dispute resolution should be clearly documented in the agreement.  

• Indemnification: Responsibility and liability of IP infringements should be clearly documented.

Download the IP checklist

Sponsor responsibilities

It is ultimately the sponsor's responsibility to ensure that all potential IP rights are protected. Primarily, the sponsor must establish that the ownership and usage rights of the IP are clearly laid out in the contract and that it is compliant with all current laws and regulations. There must be appropriate monitoring procedures in place and that action is taken if the rights of the IP owner are infringed upon. Finally, the sponsor should ensure that the liability and indemnification terms are clear and who is responsible for any damages or losses relating to breaches in the contract.

Researcher(s) responsibilities

There are several responsibilities that the lead researcher must consider regarding the IP rights of all parties that have signed up to the agreement. These align with those of the sponsor, often with the lead researcher dealing with the practical aspects of preparing and enacting on the agreement. The researcher must also disclose any IP that may arise from the research and ensure that all parties comply with the terms and conditions stated in the agreement. The lead researcher must ensure that any confidential information is not disclosed to individuals without the proper authorisation and that any IP is only used for the purposes stated in the agreement. An effective communication plan, documentation and monitoring procedure will need to be in place to ensure that any IP issues are managed properly. 

Research funder responsibilities

As with most contracts and agreements, the funding organisations may require assurance that all the key areas associated with an intellectual property agreement are covered. These assurances include many of the points raised by the sponsor and lead researcher and should be identified in the terms and conditions of the document. The funder may need to know that the IP agreement complies with all relevant laws and regulations, that there is an effective monitoring process in place and that liability and indemnification terms are present.  

Risks

The use of IP agreements comes with certain risks, and all key collaborators should be aware of these:

• Disputes: Disagreements on IP ownership may occur between parties, especially when multiple organisations are involved in the collaboration. The sponsor needs to ensure that the use of any IP is carefully considered, especially when international collaboration is taking place, as these disagreements can negatively impact the delivery of the research. 

• Infringement: If the IP is used without proper authorisation, legal disputes may occur, potentially leading to a significant financial impact on the IP owner. IP from third-party sources should also be carefully considered. 

• Confidentiality: Disclosure of any IP information can negatively impact the outcome of the project. Clearly defined monitoring and issue resolution procedures must be in place to control any potential breaches during the lifetime and after the completion of the research. 

• Commercialisation: Navigating the regulatory landscape and finding suitable partners for the commercialisation of any new IP can hinder the research outcomes. 

• Financial: Legal and patent fees and other costs associated with protecting and enforcing existing and new IP can be considerable. This can be a significant financial burden, and actions will need to be considered to prevent IP loss. 

Recommendations

It is important that a clear and concise contract is prepared. The following recommendations will help ensure that all parties are protected against all possible IP issues: 

• IP ownership and usage: The ownership of all existing and any new IP needs to be clearly defined. As does the personnel who will have access to it and what restrictions are associated with the IP. 

• Confidentiality: Confidentiality clauses must be added to the agreement to help protect sensitive information. 

• Dispute resolution: There must be a clear procedure in place to monitor any developing IP issues and a clearly defined approach to dispute resolution. This will help reduce the potential for any future lengthy and costly legal battles that may develop. 

• Compliance: The agreement must state all relevant laws, regulations and organisational policies that will be followed. This may include any of the funder’s terms and conditions around IP. 

• Legal and administrative support: The research team should engage with the appropriate legal and administrative teams to set up, negotiate and review the terms of the IP agreement. This will ensure that the agreement is comprehensive and whilst protecting all parties, it will minimise the potential for any future legal disputes. 

Although not exhaustive, many of these recommendations should be considered and will help reduce any potential risk to the research project when setting up an IP agreement.

A data processing agreement (DPA) is a contract between a data processor who handles and analyses personal data on behalf of a data controller.  The current guidance document highlights the key elements needed to construct an effective DPA and the responsibilities of the key members of the research team that are involved in data processing. As the collection, handling and processing of personal information also carries compliance, security and third-party risks which can lead to reputational and financial difficulties, these and other risks are also highlighted in this guidance document. Thus, to aid in the preparation of an effective DPA, several documented recommendations are included and should be considered prior to the start of the research. 

Introduction

A DPA regulates the scope and purpose of data processing. It establishes the relationship between the controller and the processor. It provides a framework to meet data protection principles and legal requirements, helping to justify data sharing decisions. Having a DPA ensures relevant compliance issues are documented. Whenever a data controller shares personal data with a data processor, a legally binding agreement that details each of their obligations under the UK GDPR and the Data Protection Act 2018 must be in place. As with all agreements, clarification by the sponsor's legal team should be considered.  The following are also aspects of a DPA that will need to be considered before any personal information is handled or used: 

• the data controller and processor need to be identified and documented 

• the types of data to be collected, shared and processed need to be identified and documented

• the level of sensitivity and the regulatory requirements should be clearly detailed in the agreement

• a data protection policy must be in place at the data controller’s organisation as a data policy will almost certainly be in place in one or more other collaborating organisations. These policies will need to be reviewed to ensure that they are relevant to the data being processed   

• the collection, storage, processing and disposal of personal data should be clearly identified in the agreement and including any procedures that should be enacted following any data breaches  

 Once the DPA has been implemented and agreed by the data controller and processor organisations, the following can occur:

• the data can be shared and processed only within the terms and conditions of the agreed DPA

• a procedure for data subjects to access their data for corrections or removal should be in place

• security procedures should be established to protect against unauthorised access, loss or damage to the data

• documentation should be in place to record all data processing activities and compliance with all relevant laws and regulations

• notification of any data breaches must follow agreed procedures when informing affected individuals and the relevant authorities

Key elements of the agreement

The DPA focuses on the relationship between the data controller and the data processor and defines the scope and purpose of their interaction regarding the handling of personal data. The following points should be considered when drafting a DPA:

• Subject matter and duration of processing: the DPA should clearly define the processing activities to be undertaken and how long they will last

• Nature and purpose of processing: full details of the purpose and nature of the data processing should be included

• Type and category of data: details of the type of personal data being processed and the individuals whose data is being processed need to be defined

• Obligations: the roles and responsibilities of the controller and processor should be clearly outlined in the agreement   

Download the DPA checklist

Including the above features that need to be considered, the agreement should also consider including specific terms and clauses that address the following: 

• the data processor must only act on the data controller's specific and documented instructions, unless it violates current laws and regulations

• individuals processing the data are subject to a duty of confidentiality

• appropriate data security procedures must be in place and reviewed by both the controller and processor to protect individual subject information

• any sub-processing by the data processor must only be conducted following written and documented confirmation from the controller

• data subject requests and compliance with the Data Protection Act 2018 must be met by the data processor with assistance from the data controller

• all personal data must either be deleted or returned to the controller at the end of the project as specified in the DPA

• the data processor must be available for audits and inspections

Sponsor responsibilities

As with all contracts, the sponsor has ultimate responsibility to ensure that all legal and compliance procedures are in place. However, much of this activity is conducted alongside those activities of the lead researcher and data protection officer. Many of these responsibilities also include ensuring that the data processing and sharing activities comply with the relevant data protection laws and regulations and that the appropriate technical and organisational measures are in place to protect individuals’ personal information. This will also mean that assurances of data accuracy, completeness and protection are compliant with any agreed procedures outlined in the contract. To this end, the sponsor should also ensure that regular monitoring and auditing activities are conducted and that corrective actions are implemented when needed. The sponsor should therefore have a good oversight of all data processing activities being conducted and that all personnel within the research team are trained and aware of the relevant legislation before research is undertaken. In many instances, the sponsor must ensure that the research is covered financially and legally and that the appropriate insurance policies are in place.

Researcher(s) responsibilities

As with most research projects, the lead researcher has a variety of responsibilities that are essential to the completion of the project. In conjunction with the sponsor and aligning closely with activities of the DPO, the lead must ensure that the DSA is prepared and reviewed by the appropriate ethical review bodies, including the DPIA. During the running of the project, compliance with current regulations must be closely documented and that data security is maintained to prevent any breaches. If the project is small and there are very few projects on the go, the lead researcher may also take on the responsibilities of the DPO, detailed responsibilities of which can be found in the DPO section below. In the end, the lead researcher is responsible for delivering on all aspects of the project. 

Data Protection Officer (DPO) responsibilities

Many of the responsibilities of the DPO should be captured within the DPA, shared with the lead researcher, who may also act as the project DPO, and with the sponsor. The presence of a DPO will be dependent on a variety of factors, including the size of the project and the organisation running the research. The DPO will be responsible for monitoring the organisation's compliance with the data protection laws, for monitoring the performance of the DPIA (a requirement for any data processing activity), and for the training of staff in their data handling and data protection obligations. The DPO will act as the point of contact between the organisation conducting the research and any data protection authorities. This may include cooperating with authorities during investigations, audits and the reporting of any breaches as required by law. The DPO will also be in contact with subjects that require access to their own data to rectify or erase incorrectly held information. Finally, the DPO will be instrumental in maintaining the records of all the data processing activities and archiving of the data sets collected during the project.

Research funder responsibilities

The funder of the project may have several responsibilities regarding the DPA. They may want confirmation that the appropriate contractual systems are in place and that these are compliant with the current regulations involving data handling and processing. Although these organisations may be of varying sizes and may require different levels of communication with the research team, it is the DPO who is usually the first port of call. Funders may also require confirmation of any monitoring and auditing processes and that the rights of the data subject are respected and facilitated. Any breaches in the data handling process during the project may have to be related back to the funder to demonstrate that the appropriate procedures have been followed. Finally, the funder may ask for confirmation around data retention, deletion or storage, features that should be detailed in the appropriate agreement.

Risks

The collection, handling and processing of personal information carries a variety of risks that must be highlighted, documented and how they will be dealt with within the agreement. These include:

• Compliance: Non-compliance with the UK GDPR and the Data Protection Act 2018 can lead to financial and reputational damage. 

• Security: Data breaches and access to personal information by unauthorised groups or individuals due to poor security measures can impact the project and result in financial penalties.

• Ambiguity:  Key individuals that are involved in data processing will need to be identified; otherwise misunderstandings and unauthorised processing may occur.  

• Resource constraints: Insufficient resources to implement and maintain the procedures needed to protect personal data may result in delays in the project and additional financial burden on collaborating organisations. 

• Third-party risks: Any non-compliance by third-party processors can impact the data controller and cause delay in the project.  

• Subject rights: Subject rights concerning their personal data can be complex and time-consuming. Failure to be fully conversant with these rights, such as access to information, rectification and deletion of data, can result in project delays and can potentially lead to financial and reputational damage. 

To ensure that the agreement is effective and reduces the potential impact on the research project, the identified risks need to be addressed.

Recommendations

To ensure compliance with regulations, clarity and effective data management, the DPA must include best practice advice and the following:

• Scope and objectives: Clear and concise language should be used in the agreement to help reduce or eliminate any misunderstandings. Ensure that the scope and objectives of the data processing are clearly documented and that all employees involved in this activity are aware of their responsibilities.

• Compliance: The agreement should document how the legal obligations of both the data processor and controller are to be carried out.  

• Security: The technical and organisational measures that will be implemented to protect personal data and in the event of a data breach need to be clear and documented in the agreement. 

• Subject rights: Provisions for the facilitation of data subject rights, such as access, procedures for handling subject requests and deletion of incorrect data, will need to be documented. 

• Reviews: Regular reviews should be in place to ensure the agreement remains compliant with current and evolving regulations. 

• Stakeholders: All relevant stakeholders should be identified and involved in the drafting and reviewing of this type of agreement. This will ensure that comprehensive coverage of all data processing activities is documented. All collaborating organisations need to ensure that there is appropriate financial support if changes to computer systems are required and that adequate personnel are employed to undertake this type of activity.

• Data breaches: The procedures to deal with any data breaches will need to be clearly documented.  

• Transparency and training: The rules and regulations around compliance with the DPA need to be communicated to all parties involved in the research. Training must also be available to all employees to upskill their knowledge and to become fully aware of their responsibilities under all data laws and regulations. 

• Data retention and deletion: The time over which personal data can be held and deleted or returned to the data controller once processing is complete needs to be clearly defined. Data retention may be required if a publication of the results is undertaken following the end of the project. This additional time should be documented in the DPA.  

Although not exhaustive, these recommendations will help ensure that the DPA is effective, compliant with regulations and should help protect the interests of all parties involved.

A data sharing agreement (DSA) is a legally binding contract between two or more companies that oversee data use, information sharing and protection. As this agreement should demonstrate the obligations of the collaborating organisations to existing UK regulations, this guidance document highlights the responsibilities of key members of the research team that must be considered when abiding by these rules. As such, there are several risks that should also be considered when setting up a DSA, including technical and economic barriers, legal and ethical compliance, and data quality. These and several recommendations should be considered when setting up an effective and legally secure agreement.

Introduction

A DSA helps all parties be clear about their roles, sets out the purpose of the data sharing, covers what happens to the data at each stage and sets standards. This agreement provides a framework to meet the data sharing regulations and all aspects of data protection. A DPA is different to a DSA as the DPA is a specific agreement between the data processor and controller, ensuring that the shared data is processed securely and in compliance with current regulations. A DSA helps demonstrate the obligations that should be met under the UK GDPR and that there is a justification for the sharing of personal data.

Before a DSA can be drafted, reviewed and agreed, the following must be considered:

• all parties involved in sharing and handling personal data must be identified

• the purpose and goals of the data sharing must be clearly documented

• the source and format of the data to be shared must be documented

• the DSA must detail the relevant laws and regulations that the DSA must be compliant with

• data protection and security procedures need to be in place

• who will have access to the data and under what conditions needs to be clear

• guidelines should be available on how the data is to be used

• a quality assurance approach must be implemented to measure the accuracy and integrity of the data

• a mechanism for resolving disputes must be part of the DSA

• all procedures, reviews and reports must be documented and archived appropriately - this will help with any issues and data breaches that may arise

The following must occur when a DSA has been drafted and agreed:

• implement the agreed-upon data sharing between parties in the agreement - this data must be transferred securely and in compliance with the terms and conditions of the agreement

• the data must be used by the receiving parties as detailed in the agreement

• all parties handling personal data will need to monitor its use. This would include compliance with current regulations and any specific conditions set out in the agreement

• as specified in the DSA, reports must be generated to track usage and the impact of the shared data to ensure transparency and accountability

• all agreements, reports and procedures need to be reviewed periodically to address compliance and the impact of any changes in the project due to unforeseen events

The agreement should also deal with some of the main problems that arise when sharing data. These include:

• Training: staff involved in data sharing will need to be appropriately trained in all aspects associated with changes in regulations, data breaches and any other issues that may arise during the project

• Access: procedures must be in place for dealing with access requests, complaints or queries from members of the public

Key elements of the agreement

The DSA provides a framework that highlights the approach that should be taken when sharing data. The elements used to construct a DSA include:

• Recording data: Agreed data structures for recording personal data should be applied.

• Purpose: The purpose for sharing personal data should be clearly defined in the agreement 

• Responsibilities: The roles and responsibilities of each party involved in the project must be documented. This must include who collects, processes and shares the data. The individual responsible for ensuring compliance also needs to be identified.

• Data handling: A description of what happens at each stage of the data sharing process needs to be documented. Include data collection, storage, processing and disposal. Different organisations may have different rules around the handling of the data, but a standard approach should be documented and signed up to. 

• Security and standards: Standards for data security, privacy and confidentiality will need to be agreed. Encryption, access control and protective measures will also need to be considered. The DSA should highlight any procedures to demonstrate that the data being shared is accurate and reliable, especially if high-privacy sets are being shared. 

• Review: The DSA should be reviewed on a regular basis and especially when there are changes in regulations or the rationale for collecting and using the data. It should also be updated if there are significant issues that arise, such as data breaches.

Download the DSA checklist

Sponsor responsibilities

The sponsor has overall responsibility to ensure that all appropriate procedures are in place to deliver an effective DSA. However, this may be done in conjunction with a DPO or lead researcher; a DPO may already be in place within the organisation. Sponsors must ensure compliance with all regulations on data protection and that a reporting structure is in place to capture any data breaches. Risk management is another key responsibility, and the sponsor needs to ensure that risk management strategies are in place to address any potential issues. These activities should be highlighted to the research team using an effective communication strategy. Regular meetings and updates need to be part of the agreed activity of the project as are the procedures to ensure all relevant employees are trained and knowledgeable on all aspects relevant to the DSA. These activities are ultimately the responsibility of the sponsor, and as such appropriate insurance policies may need to be in place before the project is allowed to start.

Researcher(s) responsibilities

In conjunction with the sponsor, the DPO and key members of the collaborating organisations, it is the lead researcher’s responsibility to ensure that the DSA is in place prior to the start of the project. Where a DPO is absent, the lead researcher may take on this responsibility in addition to the management, communication and compliance with current UK regulations. 

Data Protection Officer (DPO) responsibilities

Along with the sponsor, the DPO is the individual that implements, follows and updates the key areas of the DSA. The DPO must ensure that the data sharing activities comply with relevant data protection laws and that the DSA aligns with local and organisational policies and guidelines. They will also provide guidance on best practice for data sharing and will be the primary point of contact for any DPIA requirements. The DPO will also be responsible for undertaking a risk assessment before the DSA is active, be responsible for training staff, raising awareness about data protection to all employees and ensuring compliance with relevant regulations through regular audits and reviews. All data sharing activities should be documented and archived according to the terms of the DSA. These responsibilities will ensure that the DPO conducts the data sharing activities to all ethical and legal requirements.

Research funder responsibilities

The organisation funding the research may require certain assurances that the project is conducted along appropriately agreed lines. Assessment of the funding organisations' terms and conditions should highlight the areas in which confirmation may be required prior to the release of funds. The funding body may also require evidence that the DSA covers how the project team will comply with the relevant UK legislation, how the data sharing will be monitored and how the rights of the data subjects will be respected and facilitated. These areas are also covered in the sponsors’ and DPO's responsibilities and should be detailed in the DSA. Data handling, breach notification protocols and the use of trained staff in the activity of sharing personal data should also be apparent if the funding body requests such information.  

Risks

The potential risks that should be considered when setting up a DSA include:

• Technical barriers: Data sharing can be time consuming and challenging if there are different standards and data systems in operation between collaborating organisations. There will need to be a drive to ensure that these systems can either work together or that one system is in place for all aspects of the data sharing activity. A failure to foresee or overcome this issue may delay the project or add an additional financial burden on the collaborating organisations.  

• Motivation: The loss of control of the data between collaborating organisations may result in delays and the reluctance to participate in the research. 

• Economic barriers: Costs associated with data preparation, storage and management can be substantial. Funds for these activities may be limited, putting pressure on the project to effectively deliver on its objectives.

• Politics: Considerations that are political or involve national security concerns or institutional policies can affect data sharing and thus have a significant impact on delivery. 

• Legal and ethical: Compliance issues may arise with the data protection laws. These laws are complex and time consuming, and failure to abide by them can have a significant financial and reputational impact.

• Trust: Trust is an important factor to consider when multiple collaborating organisations are involved in data sharing. Data misuse by any one of the parties involved in the research can hinder the delivery of the project. 

• Data quality: All types of data, whether original or modified, must be of high quality. Appropriate and agreed standards need to be applied across the board as any inconsistent or poor-quality data can negatively impact the project and any publications that arise from the research.

Addressing these risks requires careful planning, clear communication and trust between collaborators involved in the data sharing activities.

Recommendations

Establishing an effective DSA for public-based research is time consuming, and the following recommendations should be considered:

• Objectives: The objectives of the data sharing activity need to be clearly defined. The clearer the purpose and goals of the data sharing activities, the more likely the data will be accurate and reliable.

• Partnerships: Trust amongst the collaborating organisations is essential. Each party engaged in collaboration must ensure that open communication and support is available.

• Compliance: The data sharing activities must be compliant with current UK laws, regulations and ethical guidelines. Procedures will also need to be in place to ensure that all approvals and consent to undertake this activity have been captured. 

• Responsibilities: Each team member involved in the data sharing activities must be clearly defined. This may include specifying who will be acting as the DPO and responsible for all sharing and compliance activities.

• Security: There must be a robust data security procedure in place and highlighted in the DSA to protect from unauthorised access, breaches and misuse of the data. This will include data encryption, access controls and regular audits.

• Data management: Usually, a data management plan is effective and should detail all the processes and procedures required when data sharing is in effect. This plan will aid in the reliability and accuracy of the data.   

• Subject rights: The rights of the data subjects need to be central in the ethical use of personal data. The rights of access to their data and to rectify any errors will need to be clearly documented in the DSA. 

• Monitoring: Audits and reviews are essential to ensure that the data sharing activities are being conducted ethically and to current laws and regulations that govern this activity. Any compliance issues must be documented and raised to the appropriate members of the team and, where necessary, to external organisations when serious breaches of information have occurred.

A research contract is a legally binding agreement that governs the terms and conditions of the funded research between an organisation (such as a local authority) and an external awarding entity. In this instance, the guidance document refers specifically to the contract issued by the funding body. These contracts detail the conditions that will need to be agreed and followed during the project. The current guidance document highlights the key elements often associated with the funder's contract, along with the responsibilities of the main members of the research team when reviewing and signing this type of document. There are financial, administrative and compliance risks that should be considered with this agreement, but the recommendations given should help the researcher navigate and address these issues prior to signing and starting the research.  

Introduction

Each funding body will have its own terms and conditions due to different objectives, regulatory requirements, administrative policies and other factors that the researcher will have to agree to and sign prior to the release of any funds.  

Before a research contract can be agreed, the following is needed: 

• a successful research application – the offer will need to be accepted and the funder's agreement signed before any money is released

• ensure relevant grant terms and conditions have been read and understood

Once the funder's research contract has been signed and agreed, the following can occur:

• the research project can commence

Key elements of the contract

The following are key points about research funder contracts that should be noted:

• Publication rights: A review period may be requested from the funder prior to any publication. This type of restriction may be the result of the need to confirm and protect any confidential information.

• Compliance: The funder's acceptance criteria may require confirmation of compliance with legal, ethical and financial standards and guidelines.

• Termination: Termination clauses may be present in the contract. The researcher should determine the conditions under which the contract can be terminated and the consequences of this action. 

• Confidentiality: Confidentiality clauses may be present in the contract. These will be there to ensure sensitive information is protected, and the information should be included in any subsequent contracts the research team sets up.

• Disputes: Evidence of any dispute resolution approaches may be required and addressed in the funder’s terms. 

• Approvals: The contract should be reviewed and approved by the organisation's legal team or research office. Only authorised personnel, such as the sponsor, can sign the contract.

Sponsor responsibilities

The sponsor is ultimately responsible for accepting the funding body’s contract. The sponsor is responsible for accepting the terms and conditions of the contract whilst ensuring that the conditions remain aligned with the goals of the research and collaborating parties. For a smooth execution of the contract, the sponsor should ensure that all the requested documents, reports, audits and financial statements are prepared and delivered in accordance with the terms and conditions of the contract. 

Researcher(s) responsibilities

The researchers’ responsibilities when a project has been agreed include, in the first instance, understanding the terms and conditions of the contract. This will include various elements such as timelines, financial statements and all other aspects required to deliver on the project. The contract will also specify the timelines for the submission of all progress, final reports and audits to which the researcher should be aware of and be able to meet.   

Research funder responsibilities

The primary responsibility of the awarding body is to provide the agreed financial support at times and dates specified in the terms and conditions of the contract, terms that are set up prior to submitting the funding application. Regular progress reports, site visits and audits may also be requested. Most funding organisations will also offer support and guidance when requested. This may often include access to experts, relevant events and conferences and any workshops related to the research being undertaken. Open and clear lines of communication and dialogue with the funding organisation may be requested. This will help with providing feedback, addressing concerns and clarifying any potential future funding opportunities.

Risks

Accepting the terms and conditions of the funding body can come with several risks. These will need to be considered prior to signing the contract:

• Financial: Budgetary restraints, restrictions and limitations on how funds can be spent may apply. In addition, mismanagement and misallocation of funds during the life of the project can incur financial penalties. 

• Compliance: Non-compliance with regulations, ethical guidelines and reporting requirements can result in loss of funding and damage to the organisation's reputation. 

• Administration: Detailed reporting, audits and other activities can be time consuming and divert resources away from the actual research, thus impacting the delivery of the project to time and budget. 

• Intellectual property: There may be clauses that affect ownership and use of intellectual property that develop during the research. This can limit any commercialisation and the use of the IP in future work. 

• Performance: Specific milestones and performance criteria might be set in the terms of the contract. Failure to achieve these can delay the project and, in extreme cases, result in financial or reputational damage.  

In all these cases, the researcher needs to ensure they have read the terms and conditions of the contract and should be confident that all the deliverables can be met.

Recommendations

When addressing the funder's contract, the following recommendations should help in understanding and accepting their terms and conditions. These include: 

• Understanding: Read and review the funder's terms and conditions. Check that the clauses align with the governance structure of the applicant's organisation. 

• Intellectual property: The contract must clearly define the ownership of any IP created during the research. If it doesn’t, check with the funding organisation.

• Compliance: Check what level and extent of compliance with existing regulations is required. 

• Finance: Review the budget and funding provisions and consider whether they adequately cover all costs to complete the project. 

• Risks: Determine whether there are any potential project-specific risks identified in the terms and conditions of the contract. These will need to be addressed before the start of the research.

• Responsibilities: Determine whether there is mention of any required responsibilities within the terms and conditions of the contract and whether these align with those agreed within any subsequent collaboration contract.  

• Publication: Check whether there are any funder relevant issues with the publication of the research. All research outputs should be published if possible. 

As with all funding contracts, many of the terms and conditions that need to be met can be addressed prior to the application. Therefore, in most instances, many of the risks and recommendations should have been understood and covered prior to the start of the project.

Contracts and agreements in research

For further information, the links below offer additional context to the use of contracts and agreements in research.  

• Advice for independent researchers and small charities - UK Research Integrity Office (ukrio.org)

• UK Policy Framework for Health and Social Care Research - Health Research Authority (hra.nhs.uk)

• University and business collaboration agreements: Lambert Toolkit - GOV.UK (www.gov.uk)

• Intellectual Property Office - GOV.UK (www.gov.uk)

• Information Commissioner's Office (ICO)

• Controllers and personal data in health and care research - Health Research Authority (hra.nhs.uk)

• NIHR position on the sharing of research data | NIHR

Collaboration agreement

Lambert Toolkit and Heads of Terms Agreements:

The Lambert Working Group has created a toolkit; the Lambert Toolkit, which is designed to assist academic, research institutions and industrial partners who wish to carry out research projects together. It contains seven collaboration agreements and four consortium agreements. The Modal Heads of Terms Agreements and the Decision Guide (for two-party collaboration agreements) may be useful to determine whether one of these agreements is suitable for a public health specific research project. 

Intellectual property

Intellectual Property Office - GOV.UK:

• Trade marks

• Patents

• Designs

• Copyright

Data processing agreement

• Data Processing Agreement according to UK GDPR | activeMind.uk – includes link to free download ‘Data Processing Agreement template’ 

• Data Protection Act (2018)

• 72 hours - how to respond to a personal data breach | ICO

Data sharing agreement

• Information Commissioner’s Office (ICO): for organisations

• Information Commissioner’s Office (ICO): how to respond to a personal data breach

Agreement: This term defines a mutual understanding between two or more collaborating organisations.

Assignment: With respect to agreements, this is a contract that involves the transfer of IP rights from one party to another. 

Biologicals: A class of materials derived from living organisms.

Collaboration: a group process of working towards a common goal.   

Confidentiality: The keeping of something private or confidential.

Contract: A legally binding agreement between more than two organisations or individuals

Data controller: An individual or organisation that determines what personal information is to be shared.  

Data processor: An individual or organisation that processes sensitive information, such as personal data. 

Data protection: The practice of keeping data safe through regulation and agreed best practice.

Data protection impact assessment: An evaluation of the potential impact of sharing and processing personal information.  

Data subject: An individual with whom personal data is associated. 

Data usage policies: A Document that details how, when and why personal data is to be handled during a research project.  

Deed: A formal, legal document that creates a binding obligation of interest. 

Funding stream: A source of financial support for the research project. 

Impact evaluation: A way of determining the achievements and measurable outcomes of the project. 

Indemnification: An approach which outlines who is responsible if an IP infringement occurs.  

Injunction relief: A legal approach in a civil lawsuit that deals with monetary damages.  

Intellectual property: A creation of the mind, that is protected by law through various mechanisms. These could be inventions, artistic works, designs and symbols.  

Lawful basis: A term that refers to having a valid reason for collecting or using personal information. 

Liability and warranty: Liability is a legal or financial obligation to a person or company. A warranty is a commitment or promise made by a seller to a buyer. 

Licensee: An individual or company who has been given the right to use IP by the licensor. 

Licensing agreement: A contract that offers the right, under certain conditions, to the licensee to use the IP of the licensor. 

Licensor: The owner of the IP. 

Materials: Any item used in the delivery of the research project. 

MTA-in: Covers the transfer of materials to the researcher, especially where the researcher is requesting the provider to supply them with materials. 

MTA-out: Covers the transfer of materials owned or controlled by the researcher, including researcher-developed materials. 

Mutual NDA: Both parties exchange confidential information and commit to keeping the shared information confidential.  

One-way NDA: Only one party discloses confidential information which the recipient agrees not to reveal to others.  

Parties: Organisations or individuals who are signatories to a contract. 

Patent and copyright registrations: Clarifies the organisation’s rights over patents, trademarks, copyrights, and other IP assets. 

Patents: A legal term that grants the inventor exclusive rights to their invention. 

Personal data: All information that identifies an individual as a data subject. This could include people’s names and addresses, photographs, customer reference numbers, medical information, school reports and customer reviews.   

Pre-award: A situation prior to any acceptance by a funding body to agree on supporting the research proposal.

Post award: A situation where an award has been agreed by the funding body, but prior to the signing of the funders contract and before the start of the project and the release of any funds.

Proprietary technology: Proprietary technology is any combination of processes, tools, or systems of interrelated connections that are the property of a business or individual. These combinations provide a benefit or competitive advantage to the owners of proprietary technologies. 

Quality assurance: A measure of data quality and integrity. 

Regulatory approvals: Necessary permissions and compliance with legal and regulatory policies are required for the research project. 

Research idea: A concept that may form the basis of a research project. 

Risk management: This term is mentioned in the context of identifying potential risks and developing mitigation strategies. 

Sponsor: An individual or organisation that takes ultimate responsibility for the initiation, management, and financing (or arranging the financing) of a public health research project. 

Stakeholders: All parties involved in the research project. 

Trade secrets: A term used to describe any form of IP that is not generally ascertainable and is protected by law.