Introduction

This document describes the policy for research data management within the Faculty of Behavioural and Human Movement Sciences (FGB) and defines how the principles described in the VU Research Data Management Policy (Version 2.0, 17-2-2020) are to be implemented at the faculty level. The policy is also informed by the VSNU Code of Conduct for Research Integrity, the VSNU Code of Conduct on the Use of Personal Data in Scientific Research, the Federa Code of Conduct for Responsible Use of Human Tissue in Medical Research, the Federa Code of Conduct for the Use of Data in Health Research, the Standard Evaluation Protocol (SEP 2015-2021), ICH Good Clinical Practice Guidelines, the Medical Research with Humans Act (WMO), the Medical Treatment Agreement Act (WGBO), the General Data Protection Regulation (GDPR) and the national implementation of the GDPR (UAVG).

Data are defined within FGB and this policy as digital/digitizable information (spreadsheets or databases consisting of values representing quantitative or qualitative variables; audiovisual recordings; transcriptions; imaging data) and non-digitizable data (human or animal tissue samples, handwritten notes, paper consent forms) in so far as the non-digitizable data must be maintained in their original form for a certain period of time.

Purpose of this Policy

This policy supplements the VU Research Data Management Policy by:

  1. Defining the roles and responsibilities within the FGB regarding research data management

  2. Advising researchers on the balance between open science and data protection legislation

  3. Informing FGB researchers of FGB specific tools, guidelines and support services for research data management

Definitions

  • Research project: The research activities described in a research proposal that is submitted for ethical review. If ethical review is not applicable, a research project is any research activity aimed at answering a hypothesis; all activities aimed at answering one overarching hypothesis can be described as a single research project.

  • Personal data: Any data that can be linked to an individual person. Data may directly identifiable (generally, name, address, photographs or videos of faces) meaning it requires little to no effort to determine who the data belong to. Data may also be indirectly identifiable, meaning that more effort as well as additional information are required to determine who the data belong to. Indirectly identifiable data include genetic information, data that are unique to an individual (e.g. MRIs, EEGs), datasets with extreme or unusual values (e.g. extreme physical measurements unique to elite athletes, highly unique employment history) or any other characteristics about a person (e.g. ethnicity, gender, occupation and/or education) that when combined in one record, single out that person as unique within a dataset. Indirectly identifiable data may not immediately identify an individual, but they provide the potential for identification of the person whom the data are about.1

NB: Personal data do not necessarily need to be considered “sensitive” data to receive protection under the GDPR. If data meet the criteria above, they must be handled in accordance with the GPDR, regardless of whether they could be considered sensitive or not.

  • Confidential data: Data which may only be accessed by authorized individuals. Personal data are one type of confidential data, but the term also applies to details about a business and its management, intellectual property, proprietary information etc.

  • Archiving research data: The long-term storage of research data in a manner that prevents modification, loss, damage or obsolescence of those research data in order to: uphold research integrity; allow for the replication of research results and; where appropriate, ensure the research data remain (re)useable well into the future.

  • Publishing research data: An extension of archiving research data: published data are also findable, accessible and reusable by other researchers. This does not mean that data are open access; access to the data can be restricted and granted upon request. Effectively published research data should describe how one can gain access to the data if access is restricted.

NB: Even if access to research data is restricted, the metadata and documentation about a research project should be published openly, as long as there is no confidential or privacy-sensitive information present. This helps to make data findable, informs others about how data can be accessed, and promotes data as a form of research output for which researchers can receive recognition.

  • Metadata: Data that describe and explain details about the research data so that the research data can be found, properly understood and reused well into the future.

  • FAIR principles: Guiding principles for managing research data, and the associated metadata, so that the (meta)data can be properly understood, interpreted and reused. FAIR (meta)data should be findable, accessible, interoperable and reusable.

  • Interoperable (meta)data: (Meta)data that are findable, accessible and reusable by machines regardless of software or operating system.

Policy Principles

In addition to the points listed in the general VU Research Data Management Policy, the following policy principles apply within the FGB:

  1. Research data management is an essential component of every research project. This means:

    1. At a minimum, every new research project from the implementation date of this policy requires a data management plan if that project receives external funding.
    2. Ongoing longitudinal cohort studies are advised to implement data management plans if this has not already been done.
    3. Research projects without external funding are still advised, but not required, to complete data management plans.
    4. Research projects that started prior to the implementation date of this policy should, at a minimum, write a plan for archiving the data created during the research project.
    5. Data management plans should be updated whenever there are significant developments in a research project that impacts the collection, processing, analysis, storage, publication and/or deletion of the data.
  2. Data should be made accessible for reuse through the application of the FAIR principles, while also respecting the constraints of privacy, ethics, facilities, and finances.1, 2

  3. Effective research data management skills and the FAIR-principles are essential elements in the education of PhD candidates and students following research-based Masters and Bachelors programs.

  4. Research data management requires teamwork within the faculty. Every individual should know their own responsibilities, but should also be aware of the support services available to them and make use of these services, as required.

Responsibilities

Researchers

  1. It is assumed that researchers know and apply the VSNU Scientific Code of Conduct for Research Integrity, the VSNU Code of Conduct on the Use of Personal Data in Scientific Research, the VU RDM Policy, and the FGB RDM policy. Researchers conducting research projects that fall under the purview of the WMO should also be familiar with the relevant legislation and codes of conduct as described by the CCMO and the VUmc METc.

  2. Researchers who work with personal data are required to understand and comply with the privacy requirements of the GDPR and UAVG and conduct their research in a manner that ensures that data privacy, confidentiality and integrity are maintained throughout the project

    1. Researchers are expected to comply with the requirements for a personal data processing register
    2. Researchers must ensure that students and interns working temporarily within FGB can work in a manner that meets all privacy requirements.3
    3. Students, interns and other individuals not officially working for the VU, but for whom the VU is responsible, must sign a confidentiality statement if they will be working with confidential and/or personal data.3
    4. Researchers who supervise research assistants and/or data managers must ensure that these individuals are sufficiently aware of their privacy requirements and that they are able to transport and/or access data securely when working remotely.4
  3. Researchers are responsible for determining who is allowed to access (some of) the research data both within the faculty and between institutions. Senior researchers, project coordinators and project leaders should assist junior researchers and interns with this determination; advice from the FGB privacy champion and/or FGB research data officer can be requested, in cases of uncertainty.

    1. Researchers are responsible for completing the appropriate agreements with external parties prior to starting a research project.
      1. For research using personal data, a joint controller agreement should be completed between all parties that are responsible for and have access to (some of) the personal data. A processing agreement must be signed if a third-party processor has been hired to process personal data on behalf of the VU. Researchers should contact the FGB privacy champion for advice on which agreements need to be signed and for copies of model agreements that can be used for these purposes.
      2. It is recommended that for any collaborative, multi-institutional projects, researchers set up collaboration and/or consortium agreements with all involved parties prior to the commencement of the research project to address issues such as data ownership, intellectual property rights, author rights and so forth. Researchers should contact IXA for support with these types of agreements.
      3. If data will be obtained from or shared with third parties that are otherwise not involved in the research project, it is recommended that a data transfer agreement be signed by both parties. Researchers can contact IXA for support on setting up such an agreement or for reviewing any agreements that have already been drawn up by the third-party.
      4. If data are obtained from a third party that did not actively share the data with the FGB researchers, the FGB researchers must ensure that they are allowed to use these data.
      5. If data obtained from a third-party are about human subjects, the researcher should confirm with the FGB privacy champion that they are allowed to use the data, regardless of whether the third party claims that the data are anonymous.
  4. Researchers are responsible for determining which documents (e.g. data management plans, data protection impact assessments, data classifications etc.) must be completed for their research project and for the completion of these documents early in the planning stages of their research

    1. The completion of documents may be delegated, but senior researchers (project leaders, project coordinators and, where applicable, department heads) are ultimately responsible for the content of these documents.
    2. All researchers and research assistants involved in a project should review and comply with the research data management plan. Researchers should seek advice from experts (1. data managers for the project, 2. the FGB research data officer or 3. University Library RDM experts) when writing the data management plan so that potential problems and possible solutions can be identified prior to the commencement of the research project.
    3. Researchers should update documents as needed, as well as maintaining project-specific metadata (e.g. lab notes, logbooks, code/syntax/scripts for cleaning and analysing the data, codebooks etc.) throughout the research lifecycle.
    4. Researchers should instill good documentation and data management practices in any students or interns under their supervision, particularly when the research conducted by these students is used for publications and/or future research projects.
  5. Researchers are expected to determine the appropriate facilities, systems and tools for effective research data management, seeking advice from ITVO, TO3 and the FGB research data officer as required.

  6. Researchers are expected to seek advice regarding the ethics and scientific integrity of their research. They are responsible for determining if the project must be approved by an METc, the CCMO or an external body as required by their research funder. If none of these conditions apply, researchers are strongly advised to submit their research proposals to the Scientific and Ethical Review Board (VCWE) for ethical review, while recognizing that the VCWE cannot be held accountable for the researchers’ ethical conduct.5

  7. Research data must be archived according the local FGB implementation of the DSW National Guidelines on Archiving.6

    1. Whether or not metadata and documentation from a research project are openly published, researchers should ensure that this information is registered in CRIS/PURE for VU reporting purposes on all archived data. If metadata and documentation have already been published elsewhere, researchers can contact the CRIS administrator () and request that the administrator register this information on the researchers’ behalf in CRIS/PURE.

Department heads

  1. Department heads7 are ultimately responsible for the data collected by researchers in their department. In addition to supporting the management of research data when researchers terminate their employment at the VU (as described in the VU RDM policy under Responsibilities, articles 2 and 7):
    1. Departments heads will represent the “data owner” in documentation where a specific individual must be named, such as on data classification forms;
    2. Department heads are responsible for maintaining reading rights to all archived research data within their department.

Faculty board

  1. The board will require the teaching of FAIR data management principles in the bachelor, masters, and graduate level curricula.

    1. For further information on this topic, contact Marleen de Moor, FGB Coordinator Methods-Curriculum Bachelor Programmes Psychology and Education.
  2. The board will assess and ensure the compatibility between the RDM policies of the faculty and the interdisciplinary institutes.

  3. The faculty board will report to the university board about the RDM policy for the FGB.

  4. The board will appoint a research data officer who will:

    1. Develop and maintain a library of tools, guidelines, protocols and courses that help FGB researchers to comply with good RDM practices and to promote the achievement of the FAIR data principles;
    2. Provide advice to FGB staff about RDM and privacy issues, as required;
    3. Maintain a network of communication with FGB department-level data managers and research data support services from other faculties and the VU library;
    4. Conduct internal audits to monitor compliance with this RDM policy.

Faculty director

  1. The director will ensure the proper functioning, security, and reliability of FGB facilities for data storage and management.

  2. The director will sign contractual agreements with third parties, such as processing agreements with data processors, data sharing agreements and so forth, on behalf of the Stichting VU.

Inter-faculty institutes

  1. For institutions that span multiple faculties, a separate RDM policy may be created, while still acknowledging the spirit of the policies from the respective faculties. Any major conflicts in RDM policy between faculties can be discussed with the research data officers or data stewards from the respective faculties and with the University Library RDM experts to determine an appropriate compromise.

Procedures

  1. This RDM policy takes effect as of February 1, 2019. All responsible parties are expected, at this time, to be aware of their tasks and to have reviewed any applicable documents.

  2. The data archiving requirements will be phased in over the course of 2019. The FAIR data practices will be introduced in 2019 and their application to research activities is strongly recommended, but not an absolute requirement. Reassessment will take place in the fall of 2019 and will be included in the FGB annual report for 2019.

  3. Research institutes will report annually on their activities to support data management.

Facilities and Support

  1. The FGB provides access to mass storage with backups within the VU network. Expansion needs will be evaluated annually.
    1. The FGB, in collaboration with the other faculties, will work to improve upon existing mass storage options to create solutions specific to the types of data created within the FGB that also meet the research requirements of FGB researchers. A particular focus will be given to extremely large data files.
    2. Support for complex IT and/or security questions can be sought via the RDM Support Desk. Details are described in article 3 under “Facilities” of the VU RDM Policy.
    3. Any potential data breach must be reported immediately to the IT Service Desk ().
  2. FGB researchers can request support from the faculty’s Technical Support Department (TO3). TO3 technicians manage and develop the labs, equipment, devices, software and hardware that are necessary for high quality research within the FGB. Tasks include developing apps and web forms, providing support with online questionnaires, developing innovative research solutions such as Wi-Fi-enabled accelerometry or non-invasive stress measurements, and providing technical support in a variety of laboratory settings, ranging from human movement and psychological experiments to animal- and cell-based research.
    1. Researchers requiring technical support should contact the TO3 technicians as early as possible in their project planning.
  3. The research data officer for the FGB can be contacted () for questions about research data management, data management plans and the FAIR data principles.
    1. Support for research data management, alongside policies and guidelines, can also be found on the page Research Data Management at FGB.
  4. Researchers can contact the FGB privacy champions () for support on privacy issues in their research project. A privacy champion is the first point of contact, but if an issue is particularly complex the question will be elevated to the privacy lawyers from the VU Legal and Institutional Affairs Department.
    1. Support for privacy concerns can also be found on the page Research Data Management at FGB.
  5. Lawyers from IXA () can be contacted to draw up legal agreements that go beyond privacy requirements, such as consortium agreements, data sharing/transfer agreements, data ownership agreements etc. IXA can also support researchers with questions about the intellectual property created during a research project and the potential for patenting that intellectual property. See the IXA webpage for more information on the types of agreements that IXA can help with.

  1. Almost all data about human subjects are considered personal data under the GDPR. The vast majority of the data collected at FGB are about human beings and should therefore be treated as personal data unless you have confirmed with an expert that the data are anonymous. This reference card on anonymity from the National Coordination Point for RDM further explains this concept.↩︎

  2. See FGB Policy Principles on the GDPR for important legal implications with regards to privacy.↩︎

  3. See FGB Security Tips: The Basics, particularly FGB Security Tips: Safe Practices for Students Working With Research Data for more information.↩︎

  4. See FGB Security Tips: The Basics and the associated In-Depth Guides.↩︎

  5. The faculty implementation of the Code of Ethics for Research in the Social and Behavioural Sciences Involving Human Participants outlines the ethical standards expected of every FGB researcher.↩︎

  6. Detailed information on the requirements for data archiving within the FGB can be found in the FGB Implementation of the National Guidelines for Archiving of Academic Research for Faculties of Behavioural and Social Sciences. For research projects conducted by an interdisciplinary research institute, the institute may have separate guidelines on archiving data.↩︎

  7. In this section, the responsibilities of a department head are tied to the position of department head, not the individual. When one individual steps down from this role, the new individual takes over the responsibilities of their predecessor.↩︎