Store and share

Tools for data storage and sharing

As the research process proceeds, there is a need to transfer datasets for storage. At the same time, it is often also necessary to share parts of data and related access rights with other researchers over a data network. It is therefore essential to take care of data protection and data security issues. Sensitive data must not be transferred online without adequate safety measures. Bear in mind that storing datasets on the hard discs of workstations, memory sticks, and USB drives is in principle a risk in terms of data protection and data security!

JYU storage services are being developed to cover all phases of data processing, from collection up to storing and sharing between project partners and collaborators.

For non-sensitive data, the University offers

For sensitive and highly confidential data, e.g. special category personal data, options include: 

  • For small (max. 50 MB/file) sensitive datasets, CollabRoom cloud service (instructions currently only in Finnish) for storage and sharing 
  • The national CSC Sensitive Data services (requires free registration to use CSC services; after that, access to services with JYU Haka authentication): SD Connect for storing and sharing, SD Desktop for processing and analysing. Note the current restrictions for SD services: SD Connect is not yet audited for secondary use of social and health data, auditing against Findata requirements underway [05/2022]. During 2022, SD Desktop only runs open source office and analysis software: LibreOffice, Python, R + R, see full listing). 
  • The University's S: and U: network drives (Digital Services recommends file encryption). Sharing of sensitive data is done using security email

Nextcloud, CollabRoom, the CSC Sensitive Data services, and are suitable for sharing data also with partners outside the University. 


University systems automatically take regular backups. However, you should plan and implement backups at the stage when you make significant edits to the data. Preserve the original files, i.e., the so-called master files separately from the analysis files and make all edits to the analysis files. This way, the data will not be lost if an error occurs in the data processing. NB! CSC's SD Connect does not offer automated backup for data. 

Access control 

  • Name and document the person in charge who oversees access control to the files.
  • Maintain information about who has accessed the data and who has access to any part of the data.
  • Define who has the rights to view, edit, and delete the data.
  • If you process personal information or other confidential or sensitive information, please specify who has access to it.
  • On what basis has each access (edit, view, delete) been granted?
  • How are controls implemented in practice (eg password-protected access, change log monitoring, encryption, physical space monitoring, locked lockers)?
  • If you process specific categories of personal data, make sure you follow the description you provide to the subjects.

Describe your planned measures in your data management plan.

Storing and sharing personal or sensitive data

If your data contains personal or otherwise sensitive information, store it in the original storage device whenever possible. For maximum data protection, personal data should not be transferred outside the original storage location such if it can be avoided, e.g., to a separate analysis excel workbook. When kept and processed in the original location, it is easier to keep automated log to monitor who has had access to the data.

When transferring personal data, make sure that you know exactly who receives it at the other end. Ensure your legal right to transfer personal data by informing your study subjects about who handles their personal information, why, and how, at the beginning of your project using the data privacy notice. If you cannot use the University's Nextcloud, CollabRoom, or tools for sharing and have to use email, security email or encryption of attached files are necessary.

Sometimes data must be transferred outside the EU and the European Economic Area. This can be the case if e.g. appropriate analysis equipment only exists in some particular location. Special legal obligations must be taken into account for personal information transferred outside the EU-EEA area. If this is topical to your study, consult the University's Data Protection Officer.