If you have any questions or need our help with open science issues or writing a data management plan, please contact us at openutu@utu.fi. The experts at the university's Services for Research are there to help you.
Research Council of Finland requires that the scientific publications on the results of Council-funded research projects are open access, and that the research data produced by the projects are made widely available. The degrees of data openness may justifiably vary, ranging from fully open to strictly confidential. In addition, the Council requires open access to the metadata of scientific publications and research data. For the instructions on open access publishing please see the Open Access Publishing guide.
At the application stage, all applicants shall briefly describe their data management in the section "4.3 Open science" of the research plan. All research data and materials produced with funding from the Research Council of Finland are openly available. The degrees of data openness may justifiably vary, ranging from fully open to strictly confidential. If the research data cannot be made openly available in full, the metadata must be stored and opened in a Finnish or international data finder.
At the application stage, all applicants shall briefly describe their data management in the section "4.3 Open science" of the research plan. Describe the following:
If the project does not collect or produce any data fully or partially suitable for reuse, clarify why the data cannot be made available even partially.
Further information about Academy of Finland Data Management guidelines.
In the application’s funding plan, the applicant should consider that the costs associated with storing and sharing research data and material are regarded as overheads for the project’s host organisation, but they may also be legitimately accepted as research costs to be covered with Academy research funding.
Estimate the resources needed (for example, financial and time) to manage, preserve and share the data. Consider the additional computational facilities and resources that need to be accessed, and what the associated costs will amount to. Will you need to hire expert help to manage, preserve and share the data? Do you have sufficient storage space, or will you need to include charges for additional services? How will responsibilities for data management and costs be split across partner sites in collaborative research projects?
A researcher who has received a positive funding decision must submit the actual data management plan. When your application goes to the next stage:
Training videos:
Data management - how to write about data management in application stage? (duration about 16 min)
Research Council of Finland call for funding proposals - publication plan (duration about 12 min)
If the research material contains personal data or the data is collected from identifiable persons, the data protection legislation and the guidelines of the Finnish national data protection authority, the Data Protection Ombudsman, on the protection of personal data in scientific research must be observed.
Personal data is all data related to an identified or identifiable individual. Interview material usually always contains personal data. These are, for example, any answers to interview questions that can be linked to a person (occupation, religion, illness, ethnicity) or answers that a third party can connect to a person are all personal data. However, if your research data does not contain personal data, you can ignore the data protection regulations.
Anonymised data no longer contains information that can be linked to a person and is not subject to data protection regulations, but the gathering and processing of data before the data has been anonymised does contain personal data. Simply deleting the names and identification data of the participants from the data does not mean the material is anonymised. Please see the link above for more information.
NO personal data included → No extra steps needed
YES personal data are included → See steps below
Plan the processing of personal data throughout the research and data retention and document it in the data management plan.
1. Draft a data protection notice, i.e. a privacy notice, that will be given to each research participant before data gathering.
2. Find out who is going to act as a controller, i.e. who determines the purposes and methods of use of personal data.
3. Choose the appropriate processing basis based on the GDPR (can be scientific research aiming to pursue public interest; or freely given, specific, informed and unambiguous consent).
4. Will the research data containing personal data be transferred to a third party outside the controller’s authority, such as a third party service provider? → Draw up a contract on the processing of the personal data. Primarily use the university’s template titled “Data Protection Appendix” available on the intranet.
5. Will the personal data be transferred to third countries outside the EU/EEA member states? Find out in advance which transfer mechanism is suitable based on the GDPR and what additional safeguards are needed.
6. Can the research facilitate the research subjects’ data protection rights? If not, justify any restrictions of rights and take the necessary measures.
7. Do an initial risk assessment, based on which you can decide if a more thorough Data Protection Impact Assessment (DPIA) is needed. Consult the university’s Data Protection Officer via dpo@utu.fi if necessary.
8. If the University of Turku is the controller of the data, register the basic information of your research into the Research Data Inventory. This will fulfil article 30 of the GDPR and create a record of processing activities, which the controller is required to maintain.
NOTE! If you are planning on using the data in further research, you have to mention it in the data protection notice at the level that is known at that point. Before the start of the next research project that uses the same data, a new data protection notice has to be issued. If the processing basis is consent, a new consent based on the GDPR is required for further use of the data in the new research project.
In addition to data protection, take into account the ethical principles in research that the university is committed to:
Does the study reveal any so-called special categories of personal data? This type of data will reveal the person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data for identifying a person, data about health, and sexual orientation or activity.
NO special categories of personal data included → No extra steps needed
YES special categories of personal data are included → You will need a separate processing basis for this type of data. The data must be protected with particular care and with appropriate additional protective measures. A data protection impact assessment may also be required as a safeguard measure for processing the data. If any deviations are made to the data protection rights of the research subjects, an impact assessment must be sent to the Office of the Data Protection Ombudsman. Also, remember to write the processing basis in the data protection notice.
When you start planning a research project, you should check what contractual obligations, property rights, necessary data protection, and intellectual property and utilisation issues will concern the research material you are going to collect, produce, or use in the project. The instructions below are suitable for all types of projects, be it a research project by one researcher, or a collaborative project between several researchers and organisations.
The instructions are also applicable regardless of whether the data produced and processed in the project is experimental, observation-based, simulation-based, pre-existing, or qualitative. Below are intellectual property, contract, and data protection instructions, and contract templates you may need to take into account in your data management. In section 3, there is information on licensing and sharing your research data.
No → No extra steps needed.
Yes → See the instructions in the links below.
No → No extra steps needed.
Yes → Sign a Non-Disclosure Agreement or take the company's confidentiality agreement into account.
No → No extra steps needed.
Yes → Sign a Material Transfer Agreement.
No → No extra steps needed.
Yes → Sign a Research Agreement or a Cooperation Agreement. If the contract is signed with a funder, ask for a model contract from the funder. If the funder does not have a model, see further instructions.
No → No extra steps needed.
Yes → Check the tab titled “Personal information and sensitive data”, which personal data processing agreements apply to your project.
No → No extra steps needed.
Yes → Go through the university's procurement guidelines.
The University of Turku recommends, to the extent it is possible, that research data should be archived in a general or discipline-specific open access archive or repository for further use. Therefore, the data should be licenced under a Creative Commons license or equivalent. Creative Commons licences are standard licenses used to determine the terms of use of research data.