Skip to Main Content
Turku University Library

Research Data

Research data in the Research Council of Finland call

Research Council of Finland requires that the scientific publications on the results of Council-funded research projects are open access, and that the research data produced by the projects are made widely available. The degrees of data openness may justifiably vary, ranging from fully open to strictly confidential. In addition, the Council requires open access to the metadata of scientific publications and research data. For the instructions on open access publishing please see the Open Access Publishing guide.

Application stage

At the application stage, all applicants shall briefly describe their data management in the section "4.3 Open science" of the research plan. All research data and materials produced with funding from the Research Council of Finland are openly available. The degrees of data openness may justifiably vary, ranging from fully open to strictly confidential. If the research data cannot be made openly available in full, the metadata must be stored and opened in a Finnish or international data finder. 

At the application stage, all applicants shall briefly describe their data management in the section "4.3 Open science" of the research plan. Describe the following:

  1. Where the data will be stored and how they will be backed up during the project
    • See Where can I save my data (IT Services) and the University Data Security Description
    • NOTE: Do not use commercial cloud services to save sensitive data. Memory sticks or hard drives are not reliable media for storing research data. Using the University of Turku storage solutions confirms automatic back-ups.
    • Contact information about storage solutions in UTU: data@utu.fi
  2. How any legal and ethical issues related to the sharing of data (e.g. ownership, copyright, sensitivity) will be resolved:
    • Describe in your data management plan how you technically identify, anticipate and manage juridical risks associated with ethics, data protection, and data security in the data management process
    • State in your application that you are aware of different agreements and permissions associated with data management, e.g. in regards to ownership, archiving, opening and reuse of data and if there are needed they will be done.  Legal services help you at legal@utu.fi. NOTE: Make clear agreements with EVERYONE dealing with data as early stage as possible
    • Plan how to share (sensitive) data especially if you have partners outside the UTU/Finland
    • Make a clear distinction between sharing the data during the project and publishing the data
    • Write here only about data sharing. The research ethical questions are addressed  in section 4.1.
  3. Where the data (or a publishable portion of them) will be made available after the project.

If the project does not collect or produce any data fully or partially suitable for reuse, clarify why the data cannot be made available even partially.

Further information about Academy of Finland Data Management guidelines.

In the application’s funding plan, the applicant should consider that the costs associated with storing and sharing research data and material are regarded as overheads for the project’s host organisation, but they may also be legitimately accepted as research costs to be covered with Academy research funding.

Estimate the resources needed (for example, financial and time) to manage, preserve and share the data. Consider the additional computational facilities and resources that need to be accessed, and what the associated costs will amount to. Will you need to hire expert help to manage, preserve and share the data? Do you have sufficient storage space, or will you need to include charges for additional services? How will responsibilities for data management and costs be split across partner sites in collaborative research projects?

After a positive funding decision

A researcher who has received a positive funding decision must submit the actual data management plan. When your application goes to the next stage:

  • be prepared to make a more detailed data management plan. We recommend that you use the DMPTuuli tool to draft the data management plan. In TUULI tool you can find Research Council of Finland guidance on how to draft a data management plan. In the actual data management plan you have to describe the technical and administrative management of data. Describe how you can technically identify, predict and manage juridical risks associated with ethics, data protection, and data security in the data management process.
  • The plan should be no more than approximately three pages long.
  • Send your plan to our research service team: openutu@utu.fi for comments no later that three (3) weeks after received positive funding decision.
  • Make the final version once you have received the comments from the research service team.
  • After completing your plan, send it to the controller-team controller@utu.fi and submit it to the SARA system. Head of department/Director will submit the plan in the online service in connection with applicant approval. 

Guidance

If the research material contains personal data or the data is collected from identifiable persons, the data protection legislation and the guidelines of the Finnish national data protection authority, the Data Protection Ombudsman, on the protection of personal data in scientific research must be observed.

Personal data is all data related to an identified or identifiable individual. Interview material usually always contains personal data. These are, for example, any answers to interview questions that can be linked to a person (occupation, religion, illness, ethnicity) or answers that a third party can connect to a person are all personal data. However, if your research data does not contain personal data, you can ignore the data protection regulations.

Anonymised data no longer contains information that can be linked to a person and is not subject to data protection regulations, but the gathering and processing of data before the data has been anonymised does contain personal data. Simply deleting the names and identification data of the participants from the data does not mean the material is anonymised. Please see the link above for more information.

 

Does the data processed in the research project contain personal data?

NO personal data included → No extra steps needed

YES personal data are included → See steps below

Plan the processing of personal data throughout the research and data retention and document it in the data management plan.

  • Make sure you are adhering to the data-protection principles of the GDPR in your research.
  • Minimising personal data = only collect personal data that’s necessary and proportionate to your research, limit recognition in different phases of research with pseudonymisation and erasing/removing unnecessary personal data. 
  • Purpose limitation = data can be used for a specific, explicit and legitimate purpose → a specific research project is its own purpose.
  • Retention period for storing data = retention period must be specified. 
  • Transparency = inform the participants of the collection and processing of their personal data effectively in person with a data protection notice i.e. a privacy notice. 
  • Pay attention to accountability = document the implementation of the principles and procedures → the data controller must be able to demonstrate they are following data protection regulations.

 

Processing of personal data in practice:

1. Draft a data protection notice, i.e. a privacy notice, that will be given to each research participant before data gathering.

2. Find out who is going to act as a controller, i.e. who determines the purposes and methods of use of personal data. 

3. Choose the appropriate processing basis based on the GDPR (can be scientific research aiming to pursue public interest; or freely given, specific, informed and unambiguous consent).

4. Will the research data containing personal data be transferred to a third party outside the controller’s authority, such as a third party service provider? → Draw up a contract on the processing of the personal data. Primarily use the university’s template titled “Data Protection Appendix” available on the intranet.

5. Will the personal data be transferred to third countries outside the EU/EEA member states? Find out in advance which transfer mechanism is suitable based on the GDPR and what additional safeguards are needed.

6. Can the research facilitate the research subjects’ data protection rights? If not, justify any restrictions of rights and take the necessary measures.

7. Do an initial risk assessment, based on which you can decide if a more thorough Data Protection Impact Assessment (DPIA) is needed. Consult the university’s Data Protection Officer via dpo@utu.fi if necessary.

8. If the University of Turku is the controller of the data, register the basic information of your research into the Research Data Inventory. This will fulfil article 30 of the GDPR and create a record of processing activities, which the controller is required to maintain. 

NOTE! If you are planning on using the data in further research, you have to mention it in the data protection notice at the level that is known at that point. Before the start of the next research project that uses the same data, a new data protection notice has to be issued. If the processing basis is consent, a new consent based on the GDPR is required for further use of the data in the new research project.

 

In addition to data protection, take into account the ethical principles in research that the university is committed to:

  • Ask the research subjects for consent to participate, i.e. informed consent, which is not the same as the basis for processing personal data within the meaning of the GDPR.
  • Find out if you will need an ethical review for your research design.
  • Pick a secure place to store your data and also make sure that the transfer and sharing of the data is secure. 
  • Create a Data Management Plan (DMP) for your research data.

 

Does the research data contain special categories of personal data?

Does the study reveal any so-called special categories of personal data? This type of data will reveal the person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data for identifying a person, data about health, and sexual orientation or activity.

NO special categories of personal data included → No extra steps needed

YES special categories of personal data are included → You will need a separate processing basis for this type of data. The data must be protected with particular care and with appropriate additional protective measures. A data protection impact assessment may also be required as a safeguard measure for processing the data. If any deviations are made to the data protection rights of the research subjects, an impact assessment must be sent to the Office of the Data Protection Ombudsman. Also, remember to write the processing basis in the data protection notice.

When you start planning a research project, you should check what contractual obligations, property rights, necessary data protection, and intellectual property and utilisation issues will concern the research material you are going to collect, produce, or use in the project. The instructions below are suitable for all types of projects, be it a research project by one researcher, or a collaborative project between several researchers and organisations.

The instructions are also applicable regardless of whether the data produced and processed in the project is experimental, observation-based, simulation-based, pre-existing, or qualitative. Below are intellectual property, contract, and data protection instructions, and contract templates you may need to take into account in your data management. In section 3, there is information on licensing and sharing your research data.
 

1. Intellectual property (ownership, copyright, inventions, patenting, and utilisation of results)

1.1 Who owns / who has access rights to your research material?
  • If you are doing contract research = your project has an external funder, such as Academy of Finland (SA), Business Finland (BF), the EU, or it is a paid service activity or other type of business cooperation.
  • Will the research process produce outputs subject to copyright law?
1.2 Will the research result in an invention, or are you interested in using your research materials or results commercially?

No    → No extra steps needed.
Yes  → See the instructions in the links below.

2. Contracts/Agreements

2.1 Could any parts of the research material be considered confidential?

No     → No extra steps needed.
Yes   → Sign a Non-Disclosure Agreement or take the company's confidentiality agreement into account.
 

2.2 Will you transfer research material or data to another researcher or organisation?

No     → No extra steps needed.
Yes   → Sign a Material Transfer Agreement.
 

2.3 Is the research / project connected to the funding done with another organisation?

No     → No extra steps needed.
Yes   → Sign a Research Agreement or a Cooperation Agreement. If the contract is signed with a funder, ask for a model contract from the funder. If the funder does not have a model, see further instructions.
 

2.4 Does your research data contain personal data?

No     → No extra steps needed.
Yes   → Check the tab titled “Personal information and sensitive data”, which personal data processing agreements apply to your project.
 

2.5 Will the project acquire paid research material or will an external operator be commissioned to produce the material?

No     → No extra steps needed.
Yes   → Go through the university's procurement guidelines.
 

3. Licencing

The University of Turku recommends, to the extent it is possible, that research data should be archived in a general or discipline-specific open access archive or repository for further use. Therefore, the data should be licenced under a Creative Commons license or equivalent. Creative Commons licences are standard licenses used to determine the terms of use of research data.