UTUGuides: Research Council of Finland DMP: 2. Ethical and legal compliance

2.1 Legal issues
2.2 Rights related to the data

What legal issues are related to your data management? (For example, GDPR and other legislation affecting data processing.)

What kind of contractual obligations or research ethics issues are linked to research data that you collect or produce? If you use data produced by others, how do you resolve legal and ethical questions in that case? If you process personal and/or sensitive data, how will you take care of data protection?

Demonstrate in your data management plan that you are aware of the possible pitfalls related to handling your data and describe how you take them into account.

What kind of personal data do you collect?
How will you protect and process personal and/or sensitive data?
Will you anonymise or pseudonymise research data? How will you do it in practice?
Does your research require a DPIA - Impact Assessment or ethical review? In case it does, describe what it means in practice?

For more information, please see

Research Ethics at the University of Turku
Turku University Information Security Guide (in Finnish, UTU-id required)
Data Protection (UTU-id required)
Personal and sensitive data

How will you manage the rights of the data you use, produce and share?

Who owns the data that is used, produced or reused in research? What kind of agreements between researchers or external partners should you draw up? Describe in your data management plan, who has the right to decide how the data is used: who can use, share, store and archive data?

Agree on rights and responsibilities related to data in the early stages of the project. It’s recommended to draw up written agreements. If you are reusing data, describe what you have agreed upon about the data with the data owner.

Research Council of Finland recommends that data, codes and software created within projects are made openly available for reuse under relevant licences.

For more information, please see