Research Data Management: Data protection and personal data

Every research data involves the questions of rights, legal and ethical issues. Show that you are aware of the relevant legislation related to your data processing. Get familiarised with Data protection path of research in Tampere higher education community.

• Does your data include personal information? The term personal data refers to all information relating to an identified or identifiable natural person. Personal data include, for example, name, address, an identification number, location data, an IP address, an online identifier, a photograph, dietary data, health data, or other data that on its own or combined with other data tells something about a specific individual.
• If personal data are processed in your research, Data Protection Act will apply to it.
• The basis for collecting, processing and storing personal data for research purposes must always be described in the research plan and in the data management plan.
• Does the research include sensitive data (i.e. a specific category of personal data)?
• Does your work require a research permit or ethical review?
• Do you work with other confidential data (e.g., commercial or company data, trade secrets, military information, sensitive species data)?
• Explain what are the risks (.docx) involved and how are they managed.

In your DMP, the focus should be on the ethical aspects of the data management whereas the ethical issues related to your research methods are covered in the research plan.

Guidelines for handling personal information in research

• Data protection path of research in Tampere higher education community.
• Instructions for students concerning data protection.
• Information security and data protection in teaching.
• Anonymisation and personal data (FSD)
• Informing research participants about the processing of their personal data (FSD)
• Short video about Legal Aspects of Data by Maria Rehbinder from Aalto University
• Contact information: Data protection officer dpo@tuni.fi 

Further information

• Scientific research and data protection (Office of the data protection ombudsman)
• Data protection recommendation for GLAM sector (In Finnish, Finnish GLAM jurisprudence group)

Collecting and processing special categories of personal data (or “sensitive data”) is possible for scientific or historical research purposes or statistical purposes (article 9, EU’s General Data Protection Regulation). Special categories of personal data include:

• racial or ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• sexual orientation
• information about a person’s health
• criminal convictions and offenses
• genetic or biometric data processed for uniquely identifying a person.

When sensitive data belonging to special categories are collected, consent must be explicit. Sensitive data also requires specific protection because there is a significant risk to the fundamental rights of the individual. In the data management, actions intended to minimise the risks of revealing sensitive information must be taken care of during the entire data lifecycle.

Read more: Additional instructions for planning the management of sensitive and confidential data 2019

Is there something you did not found in this guide? Or is some important information missing? You can always contact us for further information, and we will help you with the research data management.