The goal of the data management policy is to create transparency about research data and its usage and, thus support research replication, protection of personal data and data reuse.
The practical results are data management plans and deposits of data underpinning your research after each specific cycle in your research project, e.g. after each scholarly publication of after finalization of your entire project. When personal data are involved, the steps guide you to be compliant to European law and the faculty’s policy.
- Before you start using any sources, establish what these sources will be.
- If you plan to collect information about/from living persons then:
- Inform yourself about the GDPR and the rights of data subjects
- Establish exactly what kind of personal data
- Establish the lawfulness of your processing
- Involve your institutional Data Manager, Ethical Committees and, if relevant, the Data Protection Officer.
- Take the training on the GDPR and the handling of personal data offered by Research Data Management Support.
- Data storage during your research; take into consideration that your data should be stored in a location with adequate provision for accessibility, security and recovery.
- Plan where you will archive and publish your data after your research; take into consideration that your data should be stored in a location with adequate provision for accessibility, security and recovery and as FAIR as the nature of the data allows for. Your archival data package will be stored for at least 10 years.
- Plan for archiving in sustainable data formats as much as possible.
- Document all the previous steps in a so-called Data Management Plan and, when personal data are involved, a Processing Registry or DPIA. Store these documents on the designated central infrastructure(s) and/or in your own administration.
- If you observe or suspect a data leak, information security incident or -risk, inform your Institutional CERT Team as soon as possible.