There is no one overriding statute or set of regulations in the UK which deals with biobanks. There are, however, certain regulatory requirements that UK Biobank must meet. 

Human Tissue Authority Licence

We hold a Human Tissue Authority (HTA) licence, so a separate HTA licence is not required by researchers who receive biological samples from us.  

Because of this we impose obligations through the material transfer agreement on researchers using samples. For example, researchers must destroy or return residual samples at the end of the research project, and they cannot transfer samples to third party premises without the specific approval of UK Biobank. These obligations are consistent with our obligations under our HTA licence. 

UK Biobank’s HTA licence (12002) is granted under Section 16 (2) (e) (ii) of the Human Tissue Act 2004

The UK General Data Protection Regulation (UK GDPR)

We comply with the prevailing data protection laws in the UK, including the UK GDPR and the Data Protection Act 2018. 

This means that we treat any personal data provided to us (whether that’s from participants, researchers and anyone else) in accordance with the UK GDPR. We keep it secure and require that anyone who has access to personal data also complies with these standards. We also pseudonymise our participant data and only approved researchers have access to it.

For more information about how we collect, share and use participant personal data, please see the Participant Privacy Notice.

Our Privacy Policy provides more detail about how we collect, share and use the personal data of anyone else who may interact with us, including researchers.

Research ethics approval

We have approval from the North West Multi-centre Research Ethics Committee as a research tissue bank. Find our more on our Ethics page.

Certifications

We have invested in quality and information security management systems to support the collection, processing, storage and analysis of biological samples and data for research into genetic and environmental factors that impact on human health and disease.

These management systems have been certified to ISO 9001:2015 and ISO 27001:2022 respectively by the British Standards Institute (BSI). 

Our information security system also meets Cyber Essentials Plus standard.