Primarily in the European arena, the most far-reaching factor that has to be taken into account when collecting and managing data is the General Data Protection Regulation (GDPR). Enforced on 25 May 2018, GDPR replaced the EU’s previous framework on data privacy – a ‘directive’ that had been in operation since 1995. While retaining the overall regulatory approach, the GDPR has also introduced multiple new compliance obligations, including greater sanctions, compared to the previous legal framework. The idea behind the GDPR (as for the original directive) was to better regulate and safeguard personal data protection and privacy. It takes more account of data gathering and management for research purposes, but leaves a great deal still open to interpretation. Nevertheless, this appears to set an international standard for legislation enacted by Member States and beyond the European area. The situation can change frequently so, if you come across useful updates and/or templates and protocols, do let us know.