Data management plan - Research ethics, legislation and rights related to data
It is important to address the ethical and legal aspects of data management in the data management plan.
Fundamentally, all research is committed to following the good scientific practices set by the Finnish National Board on Research Integrity..
In addition, legislation often imposes various constraints on the conduct of research, especially when the research involves endangered species, animal testing, or—most commonly—the processing of personal data. In this section, you must, of course, commit to complying with data protection legislation (GDPR) and describe the personal data you will collect, the legal basis for processing, the data controller, the data processors, how you will ensure data protection in practice, and whether you will pseudonymise or anonymise the data. You do not need to repeat the privacy notice or the data protection statement; instead, focus on describing the practical measures you will take to protect the data. It is important to recognise that the processing of personal data should have a clearly defined life cycle, with a start and end to the processing. The data management plan should also indicate whether a Data Protection Impact Assessment (DPIA) is required for the study.
Further information and guidance on the processing of personal data and data management.
In this section, describe the rights, licences, and agreements that apply to the data you use, collect, and process. In principle, you should be able to identify who owns or is responsible for the rights to the data. For this purpose, it is useful to consult the guidance on this subject in more detail. For externally funded projects, the ownership of the data is, in practice, held by the funded organisations; for contract research, by the university; for grant-funded research, by the researcher (unless otherwise agreed); and in other situations, this is assessed on a case-by-case basis. In general, it is important to indicate if the rights need to be agreed upon separately in writing. If the data is owned by an external party, such as an archive or a private party, it is particularly important to agree upon and clarify access rights in the context of the research.
Further information and guidelines on rights and agreements related to research data
This section also provides the opportunity to discuss the rights related to the reuse of the data. It is advisable to use commonly used licenses.