Skip to Main Content

Researcher's guide to responsible and open science

Data processing and analysis

When processing data, remember to ensure the confidentiality, accuracy, and information security of the process throughout the research project. In a research group, it is always a good idea to define the roles, rights, responsibilities, and obligations of the data processors. If any third parties are involved in the processing of the data, clearly define the roles and responsibilities. If necessary, remember to draw up a non-disclosure agreement if the data being processed is classified or confidential. If you receive data for processing from third parties, always comply with the potential conditions set for analysis and processing (e.g. processing environment).

The data can be processed manually or by utilising various software and tools designed for data processing. The rule of thumb is that services and tools supported by the Tampere University community should be the ones primarily used in analysing data. Discretion should be exercised when using commercial or AI-based tools. Their use is at one's own risk, and the University does not have the means, for example, to recover lost data or guarantee that the information security solutions of the selected tool or service are appropriate. The Information security guidelines in the University's intranet contain more information on the University's policies regarding artificial intelligence.

In the services provided centrally by the University community, information security has been taken into account through e.g. access rights management, verification policy, maintenance rules and agreements, audits, and special security solutions. Regular information security and data management trainings also play an important role in ensuring that data are handled responsibly.

To assess the suitability of the storage and processing environments available in the University community’s IT service list, several issues must often be considered: the sensitivity of the data, the technical preconditions set for the data, the legal framework, user management, and the costs. The selection should always be based on a risk assessment.

If you need IT services for processing data, please contact the University community’s IT for research. In many respects, general data management services are suitable as tools for researchers, but there are also services and capacity acquired specifically to support research work. Through IT for research, it is also possible to get help in using services provided by partners. IT for research provides advice on choosing suitable services and, if necessary, acts as a connection to for example CSC.

If you cannot find the service or tool you need for processing and analysing data among the tools already available or provided by the Tampere University community, you can ask about obtaining it from the IT contact persons (intranet) or at Please note however, acquiring new software requires not only potential financial resources, but also careful familiarisation with the terms and conditions of use and contracts, as well as verifying information security and data protection policies. The University community’s IT for research has compiled a list of software (intra) that cannot be used on Tampere University community computers. These include among others all Chinese and Russian software, as well as all new free grammar checking or proofreading software, and AI-powered translation and transcription software.

Read more about the IT services offered by IT for research.

Information security in data processing

Information security for data means protecting data from external and internal threats, such as accidents, errors, and unauthorised use. The level of information security should be considered in relation to the nature of the data and potential risks. When it comes to confidential data and data containing personal information, special attention should be paid to information security.

When planning the life cycle of your research, and your research data at different stages of that life cycle, consider information security from at least two perspectives: how to protect the data from loss and, on the other hand, how to ensure that it is not possible to access it without permission.

Measures to improve information security:

  • Encrypt sensitive data before storing or transferring it, and define:
    • Which part of the data is encrypted? If possible, separate sensitive data from other data.
    • Which encryption tool do you use - e.g. encrypting attachments/email (intra), and encrypting files with Cryptomator and VeraCrypt (pdf) encryption software.
    • Who manages encryption keys and passwords.
  • Note that simply deleting data does not erase data.
  • Do not use external hard drives as the main storage solution.
  • If data can be accessed remotely, use a secure connection.
  • Use storage solutions supported by the Tampere University community.

See Tampere University community's Information Security Policy and, if necessary, ask for more information at

Secure storage of data during research

Store the data in a safe place provided and maintained by your organisation.

When choosing a repository for your research data, you should consider the following:

  • What kind of research data are you collecting and producing? How are you going to process it? (the type and amount of data may limit the use of some storage options)
  • How do you plan to save, store, use, backup, or transfer your research data? TIP: if your data contains personal data, a separate agreement must be made on their transfer outside the EU/EEA (TIA = transfer impact assessment (intranet).
  • Who will you share your research data with?
  • What kind of access control do you need for your research data?
  • Do you intend to modify your research data during the research?
  • Does your data contain sensitive material? Does it contain personal data? TIP: You can read more about the special features of processing data containing personal data on the page Personal data in research of this guide..

By considering the answers to the above questions, you will be able to choose the most suitable storage location more easily for your research data. The storage services provided by the Tampere University community can be tailored to different needs.

Services suitable for storing research data at the Tampere University community:

  • Personal storage space (home directory).
  • Cloud storage and shared directories for projects - Office 365: OneDrive for Business (TUNI), instructions: TUNI Groups.
  • Storage on a virtual server.
  • IDA – Research data storage service.

Read more about the storage services at the Tampere University community. Contact us if you need more information:


Backups and version control

Creating backups

With backups we refer to the creation of additional copies of data. These copies can be used if the original version is damaged or destroyed. It's a good to have at least three copies of your data, and to store them in different locations.

  • The original - local copy - "remote copy"

Many storage solutions create backups automatically, and some also have version control features. Do not rely solely on automated solutions. Make sure you also have other copies of your research data.

  • We recommend that older backups are not deleted or overwritten.
  • It's a good idea to regularly review and validate backups by comparing them with the original copy.
  • Use the automatic backup provided by your storage solution and keep your own backup as well.

Automatic backups for computers maintained by the University's IT services are always carried out over an encrypted connection.

Version control

The purpose of version control is to make copies of files as they are processed. This allows you to revert to previous file versions if necessary. With systematic version management, you can control different versions of files consistently. At its simplest, version control can be based on saving multiple versions of a file as you make changes to it, and naming the file descriptively enough to know which version it is. This can be workable method if only you handle the file. If several people work with the same file, it is a good idea to agree on common rules for implementing version control so that everyone works in the same way.

Some storage services offer additional version control features such as snapshots and backup versioning, while others automatically create a new version of the file each time it is edited. Some storage services offer version branching and merging. The purpose of version control tools is to make your work easier, and usually help in situations where, for one reason or another, the user's own version control does not work. These automatic and technical version control tools do not replace the researcher's own version control, but are intended to help in situations where, for example, data needs to be restored from old backups.

Practical tips:

  • Decide in advance how many versions of a file to keep, which versions to keep, and how to organise your files.
  • Rename files systematically and consistently.
  • Save changes.
  • Keep track of file locations.
  • Synchronise files.
  • Use a single location for original files.
  • Have careful control over who can edit files and how.


Research data disposal

If the data has not been designated for digital preservation, and the research does not involve e.g. a funding body that has requirements regarding the storage period of the data, the researcher can determine the necessary retention period for the data. If, for example, a doctoral dissertation or other thesis has already been approved and published, and there is no longer a need to store the data, it can be disposed of in a secure manner. If the material contains personal data, it should be destroyed as soon as the need and purpose of use have ended.

If data must be destroyed at the end of the research, simply deleting files with the delete option and emptying the computer’s Recycle Bin is not a sufficient way to destroy research data. You will need to use separate software that allows you to overwrite the data or magnetise the hard drive. It is also possible that a physical storage location (such as an external hard drive) is destroyed by mechanical shredding.


P. 0294 520 900

Kirjaston kotisivut | Library homepage

Palaute | Feedback