Is an IGRR required for REDCap?
The version of REDCap relaunched as part of the Research Lifecycle Programme has undertaken an Information Governance Risk Review (IGRR)
If your research is likely to involve high risk processing the relevant researcher or PI may need to complete an Information Governance Risk Review which may ultimately lead to a full Data Protection Impact Assessment being carried out. This will be done in consultation with the Information Governance Office. For more information as to what constitutes ‘high risk’ processing read the following ICO guidance and examples.