Skip to content

Terminology for researchers

Our list of common terms is designed to help you understand more about public sector data in Scotland.

Illustration of a magnifying glass looking at numbers.


  • Accreditation

    You must be affiliated with an approved organisation, currently restricted to public sector organisations (e.g. universities, NHS, local authorities and the Scottish Government), throughout your research project. Researchers from other organisations can partner with an approved institution or the eDRIS team for analyses to be carried out on their behalf.

  • Administrative Data

    Administrative data is information created when people interact with public services, such as schools, the NHS, courts or the benefits system. This data is collated by the government and also includes basic information about people in the UK, for example notifications of births, deaths and marriages, the electoral register, and national censuses.

  • Administrative Data Research Scotland (ADR Scotland)

    ADR Scotland is a partnership between the Scottish Centre for Administrative Data Research (SCADR) and Scottish Government (SG) with a vision to support researchers and data controllers to share data efficiently and effectively for the public good.

  • Administrative Data Research UK (ADR UK)

    A UK-wide partnership transforming the way researchers use and link public sector data to enable better informed policy. ADR UK is funded by ESRC/UKRI.


  • Community Health Index

    A unique number given to every individual who registers with the NHS in Scotland, often used to link Scottish health datasets together.

  • COVID-19 Data Holding

    Public Health Scotland (PHS), the Scottish National Safe Haven and other UK-based Trusted Research Environments (TREs) received grant-funding from October 2020 to September 2022 from Health Data Research UK to establish an infrastructure supporting COVID-19 research projects, providing rapid access to key health and non-health datasets within a secure analytical environment.


  • Data Controller

    A natural or legal person, agency, public authority or other body which, alone or jointly, determines the purpose and means of processing. Controllers make decisions about processing activities. They exercise overall control of the personal data being processed and are ultimately in charge of and responsible for the processing.

  • Data Linkage

    Data linkage is the process of joining together records that pertain to the same entity, such as a person or business.

  • Data Processing

    The collection and manipulation of items of data to produce meaningful information. Includes collecting, cleaning, manipulating, analysing, storing and sharing.

  • Data Processing Agreement (DPA)

    A legal contract between a data controller and data processor that allows the data processor to process data that is controlled by the data controller. DPAs include strict conditions on how the data is to be held, processed and accessed for a specific purpose. Also known as a Controller-Processor Contract.

  • Data Processor

    A person or organisation responsible for processing data on behalf of a data controller. Data processors have specific legal responsibilities under GDPR.

  • Data Protection Act 2018

    The Data Protection Act 2018 (DPA 2018) is a UK Act of Parliament. The DPA 2018 superseded the Data Protection Act 1998 on 23 May 2018 when the EU General Data Protection Regulation (GDPR) 2016 came into force. As the UK was a previous member state, the EU GDPR was directly applicable. After the UK left the EU, the GDPR was retained in domestic law and became the UK General Data Protection Regulation (UK GDPR) on 1 January 2021. The UK GDPR sits alongside an amended version of the Data Protection Act 2018, and both apply to the protection of personal data.

  • Data Protection Impact Assessment (DPIA)

    A risk assessment document that identifies, analyses and outlines the process to minimise the data protection risks of a project or plan. DPIAs are required for almost all data linkage projects in Scotland.

  • Data Protection Officer (DPO)

    A legally required role for public bodies and any organisation processing personal data on a large-scale. DPOs are responsible for advising and monitoring compliance with all data protection laws and provide the first point of contact for supervisory authorities on data protection.

  • Data Provider

    A person or organisation providing data for a research project. Data providers may or may not be the data controller of the data being provided.

  • Data Sharing Agreement (DSA)

    A formal agreement used when sharing data that clearly documents what data is being shared, how the data can be used and the obligations on each party in relation to the data sharing.

  • De-identified Data

    De-identified data, otherwise known as safe data, is data that has removed or disguised details that could lead to someone's identity being revealed, such as name, date of birth and address. Examples of de-identified data include anonymised data, which completely removes personal information, and pseudonymised data, which replaces identifiable information with a string of numbers and letters. The process of de-identification ensures that data can be used safely in research.



    The electronic Data Research and Innovation Service (eDRIS) is part of Public Health Scotland (PHS). eDRIS Research Coordinators provide end-to-end support for researchers applying for access to secure datasets.

  • EPCC

    Part of the University of Edinburgh, the EPCC provides world-class supercomputing, data facilities and services for science and business. The EPPC also operates the secure infrastructure for the Scottish National Safe Haven.


  • Five Safes

    The Five Safes framework is a set of principles which enable data services to provide safe research access to data. These principles relate to data, projects, people, settings and outputs.


  • General Data Protection Regulation (GDPR)

    GDPR sets out regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). The GDPR is retained in domestic law as the UK GDPR and sits alongside an amended version of the Data Protection Act 2018. UK organisations must consider that there are two sets of legislation which govern personal data, the UK GDPR as well as the DPA 2018.


  • Hashing

    An encryption process that uses an algorithm to convert data of any size into a fixed length. Hashing is a security measure that makes it harder for bad actors to decipher the original variable.

  • Health and Social Care Public Benefit Privacy Panel (HSC-PBPP)

    The HSC-PBPP comprises a panel of information governance and data experts that provide approval for secure health data to be used in research by examining a project’s public benefit in relation to its privacy risks.

  • Health Data Research UK (HDR UK)

    HDR UK is the national institute for health data science. The HDR UK Innovation Gateway collates information on more than 750 health-related datasets in the UK.


  • Identifier

    An identifier is any data that can either directly identify an individual or link an individual to their identity.
  • Information Commissioner’s Office (ICO)

    The ICO is the UK's independent body set up to uphold information rights. The ICO has produced useful resources including a Guide to Data Protection and a Data Sharing Code of Practice.


  • Metadata

    A set of information describing a dataset or asset. In data linkage, metadata refers to information relating to the structure of the data, what variables are contained, what time period and population is covered, and what the linkage possibilities are.


  • National Records of Scotland (NRS)

    A Non-Ministerial Department of the Scottish Government. Set up in 2011 from the merger of the General Register Office (GRO) and the National Archives of Scotland (NAS), NRS collects, preserves and produces information about Scotland's people and history and makes these records available to inform current and future generations.


  • Office for National Statistics (ONS)

    The ONS is the UK’s largest independent producer of official statistics and its recognised national statistical institute, responsible for collecting and publishing statistics related to the economy, population and society at national, regional and local levels.


  • Payload Data

    The de-identified variables researchers receive for their research project, as specified in the research proposal and applications. Also known as Content Data.

  • Personally Identifiable Information (PII)/Personal data

    Information that can directly identify an individual person without reference to any other information. For example: name, date of birth, postcode, genetic information.

  • Population Spine

    A single record containing as many members of the population as possible and used as a reference dataset for linking records from different sets of data for a single person.

  • Public Good

    Public good, also known as public benefit, means that there should be some ‘net good’ accruing to the public; it has both a benefit aspect and a public aspect. The benefit aspect requires the achievement of good, not outweighed by any associated risk. Good is interpreted in a broad and flexible manner and can be direct, indirect, immediate or long-term. Benefit needs to be identifiable, even if it cannot be immediately quantified or measured. The public aspect requires demonstrable benefit to accrue to the public, or a section of the public.

  • Public Health Scotland (PHS)

    A national health board of NHS Scotland responsible for shared services across Scotland. PHS also operates the eDRIS team.


  • Research Coordinators

    Part of the eDRIS team, Research Coordinators provide end-to-end support for researchers applying for access to public sector data, including: identifying relevant data permissions, indexing and linkage processes, and reviewing PBBP applications prior to submission.

  • Research Data Scotland (RDS)

    RDS is a not-for-profit charitable organisation created and funded by the Scottish Government, and a partnership between leading universities and public bodies. Our vision is to advance health and social wellbeing in Scotland by simplifying access to public sector data.


  • Safe Havens

    Governed trusted research environments (TREs) for researchers from accredited organisations to work on approved projects of public benefit using sensitive data. In addition to the Scottish National Safe Haven, there are four regional safe havens in Scotland providing access to local health data.

  • SafePod Network

    The SafePod Network provides a network of standardised safe settings across the UK to improve secure access to data for research that benefits the public. SafePods are small, prefabricated settings which provide the necessary security and controls to enable a researcher to access and work on secure data.

  • SAIL Databank

    Funded by Health and Care Research Wales and based within the Medical School at Swansea University, SAIL Databank provides trusted data resources to support research for patient and public benefit.

  • Salts

    Unique random values that are added to data variables to obscure the contents before data is hashed. See also: Hashing.

  • Scottish Centre for Administrative Data Research (SCADR)

    Hosted at the University of Edinburgh, SCADR is a research network that analyses data from across the public sector, exploring what linking it in new ways can reveal. The network comprises researchers from a range of leading Scottish institutions.

  • Scottish Government Statistics

    The Scottish Government is committed to making its data accessible, subject to data protection legislation. Researchers can request access to secure data, view official statistics or search the Scottish Government’s open data platform.

  • Scottish Longitudinal Study (SLS)

    The SLS is a large-scale study following 5.3% of the Scottish population from the 1991, 2001, 2011 Censuses, linked to NHS Central Register data and education data (including Schools Census and SQA data to answer a range of research questions.

  • Scottish Medical Imaging (SMI) service

    Part of the eDRIS team within Public Health Scotland (PHS), the Scottish Medical Imaging (SMI) service provides linkable, population based, "research-ready" real-world medical images for use in healthcare research, including development or validation of AI algorithms within the Scottish National Safe Haven.

  • Scottish National Safe Haven (NSH)

    A governed trusted research environment (TRE) for accredited researchers to work on approved projects of public benefit using sensitive data. The NSH secure infrastructure is operated by EPCC and controlled by Public Health Scotland (PHS) with the oversight of Scotland's Public Benefit and Privacy Panel (PBPP).

  • Special Category Data

    Special category data is personal data that needs more protection because it is sensitive. UK GDPR defines nine types of special category data, which require additional safeguards to be processed. More information on special category data is available through the ICO.

  • Statistics Public Benefit Privacy Panel (Stats-PBPP)

    The Stats-PBPP comprises a panel of information governance and data experts that provide approval for secure data held by the Scottish Government or the Scottish Census to be used by examining a project’s public benefit in relation to its privacy risks.

  • Synthetic Data

    Synthetic data is a new copy of a dataset that looks like the original dataset, created by modelling the statistical distribution of the original data and taking a random sample from this distribution, and where no synthetic record corresponds to an individual record in the original. Synthetic data can be used for training, data discovery, code development and model generation to limit access to the real data.


  • Trusted Research Environments (TREs)

    TREs are governed research environments for accredited researchers to work on approved projects of public benefit using sensitive data. Within Scotland, TREs are often referred to as safe havens.

  • Trusted Third Party

    The party responsible for indexing the personal identifiable information (PII) to a spine, meaning that PII is kept separate from all other data.


  • Understanding Patient Data

    Understanding Patient Data works with patient groups, charities, NHS organisations and policymakers to make the way patient data is used more visible, understandable and trustworthy for patients, the public and health professionals.

More resources

How RDS works with eDRIS

Discover how we work together with our eDRIS colleagues to provide data access support.

Discover eDRIS support

Information governance for researchers

Discover key principles and legal considerations of information governance (IG) when accessing data.

Learn about IG

Trusted Research Environments

There are a range of trusted research environments (TREs) in Scotland providing access to secure data. 

Find out about TREs

Research data security

Find help for navigating data security as you work with secure and sensitive data for your research project.

Learn about data security

Researcher approvals and training

Find details on approved organisations in the UK, mandatory training for researchers and additional requirements.


Find approval details

Research for public good

Learn about the concept of public good and how research projects must deliver clear benefit to the public.

Learn about public good

Was this information helpful?