Data security

In the data management plan, you describe at this point

1) Where do you store the data? Where do you back it up during your thesis process?
[Help: select one or more. Remove other options and this instruction text]
U-drive (personal and special personal data)
University O365 OneDrive (personal data)
Project designated storage location, what:
Other, what, why and in what way protected:

2) How do you handle the data securely, for example, what software or hardware do you use?
[Help: select one or more. Remove other options and this help text]
Webropol (surveys: personal data)
REDCap (surveys: special personal data)
Recorder (interviews: personal data and special personal data)
University Zoom (interviews: personal data and special personal data)
University Teams (interviews: personal data)
Other, what and why:
None because:

3) Who has access to your data?

Related to the FAIR principles of Findable and Re-usable.

The data must be stored and processed securely, especially if it contains personal data or other confidential information.

Choose secure storage locations

Data cannot be stored wherever if it contains personal data or other secret information. Use the storage locations provided by the university:

  • A protected place for your data is the U-drive. It is a storage location owned and backed up by the university. The U-drive can be accessed from your own computer with the university's VPN connection. See the instructions for digital services for remote access to the U drive with a VPN connection.
    • The problem with the U-drive is that it is personal and when you leave the university, access to it is blocked.
  • Office 365 OneDrive used with university credentials is ok if the data does not contain special personal data or other sensitive information.Do you process special categories of personal data?
  • According to the university's instructions, data is encrypted using the Cryptomator program. See
    • instructions
    • The program can be downloaded from the Cryptomator website.
    • Note the risk: A password is created for Cryptomator. If you forget your password, it cannot be recovered and you would lose access to your data. Choose a password that you are sure to remember and/or write it down in a safe place.
  • Do not use standard USB drives or unprotected external hard drives.

When encrypted, O365 OneDrive could also be used to store special personal data if, for example, the progress of work requires it.

Are you considering your own or your workplace's computer as a storage location for the data? In this case, you are responsible for data security. Also, you may not have automatic backup enabled on your own computer, which is one of the criteria for a good storage location.

As part of a research group, you may have the opportunity to access the research group's folder in the Nextcloud service or on network drives (S drive). You can apply for access to Nextcloud using the grant researcher form.

If you are working with a research group or with finished data, the project may provide more detailed instructions on the secure processing and storage of the data.

The secure services used by university staff can often also be used as a student. For example, CollabRoom is a service intended for sharing confidential data within a research group, for which students can also get credentials if necessary. CollabRoom credentials can be applied for in the HelpJYU portal (, Services and guidance > Research > Resources > CollabRoom.

The university's table of processing confidential information explains in more detail what information can be stored where. As a clarification to the table, a network drive means, for example, the U drive.


  • The U-drive is automatically backed up, but still make your own backups – especially before major data processing operations. You can make your own backups to the U drive.
  • If there is no special personal data in the data, you can also use the university's O365 OneDrive for backup (or vice versa).

Please note that the code key related to personal data must be located in a separate security location, such as a locked desk drawer.

If the data is sensitive, any transfers must be made over a secure network, such as a VPN connection. Transferring with a flash drive should be avoided.

The university's data policy states that it is the researcher's responsibility to use the university's secure storage solutions in storing data. If you use something else, justify it in your data management plan.

Choose secure programs and devices

Ensure secure programs and devices when conducting interviews, remote interviews, surveys, and more.

  • For interviews: use a tape recorder borrowed from the university. The tape recorder should have a function for encrypting recordings.
  • For remote interviews: use the Zoom program at with your university credentials.
    • If you do not process special categories of personal data, the university's Microsoft Teams can also be used. 
    • If special personal data is processed during the interview, Zoom should be used on the university's device. Think about whether this is possible for you. In addition, if possible, recording should be done on a U-drive, i.e. not, for example, on one's own computer.
  • Transcriptions: Tutkimusmoniviestin (a university site for research interviews) and MyJYU AI Transcription. Teams or Word transcription cannot be used unfortunately.
  • Surveys are made with Webropol, not e.g. Google Forms.
  • If the survey contains sensitive data such as special categories of personal data, use the JYU REDCap survey software instead of Webropol. REDCap is specifically intended for collecting sensitive personal information.
    • Order your REDCap user rights using a form in HelpJYU. On the form, mark "Studying" as the purpose of use. REDCap rights are then valid for the duration of your study right.
    • The software makes it possible to build versatile online surveys and forms that can be used in field research (e.g. structured interview).
    • Carefully familiarize yourself with the data security principles and functionalities of REDCap when you plan to implement a survey containing sensitive information. REDCap is quite versatile in its functionality and its user interface is in English, so you should start familiarizing yourself with it about 3-4 weeks before sending the survey.
  • Other devices: for example, if you intend to film a group of participants, etc., make sure that you also have secure devices, such as a video camera.

The processing of the data must be carried out in such a way that the information to be protected is not revealed to third parties. For example, transcriptions of interviews are not made in public spaces. Especially if the data contains special personal data or other sensitive data, it is a good idea to process the data alone, for example, at home.