This document describes the policy for research data management within the Faculty of Behavioural and Human Movement Sciences (FGB) and defines how the principles described in the VU Research Data Management Policy (Version 2.0, 17-2-2020) are to be implemented at the faculty level. The policy is also informed by the VSNU Code of Conduct for Research Integrity, the VSNU Code of Conduct on the Use of Personal Data in Scientific Research, the Federa Code of Conduct for Responsible Use of Human Tissue in Medical Research, the Federa Code of Conduct for the Use of Data in Health Research, the Standard Evaluation Protocol (SEP 2015-2021), ICH Good Clinical Practice Guidelines, the Medical Research with Humans Act (WMO), the Medical Treatment Agreement Act (WGBO), the General Data Protection Regulation (GDPR) and the national implementation of the GDPR (UAVG).
Data are defined within FGB and this policy as digital/digitizable information (spreadsheets or databases consisting of values representing quantitative or qualitative variables; audiovisual recordings; transcriptions; imaging data) and non-digitizable data (human or animal tissue samples, handwritten notes, paper consent forms) in so far as the non-digitizable data must be maintained in their original form for a certain period of time.
This policy supplements the VU Research Data Management Policy by:
Defining the roles and responsibilities within the FGB regarding research data management
Advising researchers on the balance between open science and data protection legislation
Informing FGB researchers of FGB specific tools, guidelines and support services for research data management
Research project: The research activities described in a research proposal that is submitted for ethical review. If ethical review is not applicable, a research project is any research activity aimed at answering a hypothesis; all activities aimed at answering one overarching hypothesis can be described as a single research project.
Personal data: Any data that can be linked to an individual person. Data may directly identifiable (generally, name, address, photographs or videos of faces) meaning it requires little to no effort to determine who the data belong to. Data may also be indirectly identifiable, meaning that more effort as well as additional information are required to determine who the data belong to. Indirectly identifiable data include genetic information, data that are unique to an individual (e.g. MRIs, EEGs), datasets with extreme or unusual values (e.g. extreme physical measurements unique to elite athletes, highly unique employment history) or any other characteristics about a person (e.g. ethnicity, gender, occupation and/or education) that when combined in one record, single out that person as unique within a dataset. Indirectly identifiable data may not immediately identify an individual, but they provide the potential for identification of the person whom the data are about.1
NB: Personal data do not necessarily need to be considered “sensitive” data to receive protection under the GDPR. If data meet the criteria above, they must be handled in accordance with the GPDR, regardless of whether they could be considered sensitive or not.
Confidential data: Data which may only be accessed by authorized individuals. Personal data are one type of confidential data, but the term also applies to details about a business and its management, intellectual property, proprietary information etc.
Archiving research data: The long-term storage of research data in a manner that prevents modification, loss, damage or obsolescence of those research data in order to: uphold research integrity; allow for the replication of research results and; where appropriate, ensure the research data remain (re)useable well into the future.
Publishing research data: An extension of archiving research data: published data are also findable, accessible and reusable by other researchers. This does not mean that data are open access; access to the data can be restricted and granted upon request. Effectively published research data should describe how one can gain access to the data if access is restricted.
NB: Even if access to research data is restricted, the metadata and documentation about a research project should be published openly, as long as there is no confidential or privacy-sensitive information present. This helps to make data findable, informs others about how data can be accessed, and promotes data as a form of research output for which researchers can receive recognition.
Metadata: Data that describe and explain details about the research data so that the research data can be found, properly understood and reused well into the future.
FAIR principles: Guiding principles for managing research data, and the associated metadata, so that the (meta)data can be properly understood, interpreted and reused. FAIR (meta)data should be findable, accessible, interoperable and reusable.
Interoperable (meta)data: (Meta)data that are findable, accessible and reusable by machines regardless of software or operating system.
In addition to the points listed in the general VU Research Data Management Policy, the following policy principles apply within the FGB:
Research data management is an essential component of every research project. This means:
Effective research data management skills and the FAIR-principles are essential elements in the education of PhD candidates and students following research-based Masters and Bachelors programs.
Research data management requires teamwork within the faculty. Every individual should know their own responsibilities, but should also be aware of the support services available to them and make use of these services, as required.
It is assumed that researchers know and apply the VSNU Scientific Code of Conduct for Research Integrity, the VSNU Code of Conduct on the Use of Personal Data in Scientific Research, the VU RDM Policy, and the FGB RDM policy. Researchers conducting research projects that fall under the purview of the WMO should also be familiar with the relevant legislation and codes of conduct as described by the CCMO and the VUmc METc.
Researchers who work with personal data are required to understand and comply with the privacy requirements of the GDPR and UAVG and conduct their research in a manner that ensures that data privacy, confidentiality and integrity are maintained throughout the project
Researchers are responsible for determining who is allowed to access (some of) the research data both within the faculty and between institutions. Senior researchers, project coordinators and project leaders should assist junior researchers and interns with this determination; advice from the FGB privacy champion and/or FGB research data officer can be requested, in cases of uncertainty.
Researchers are responsible for determining which documents (e.g. data management plans, data protection impact assessments, data classifications etc.) must be completed for their research project and for the completion of these documents early in the planning stages of their research
Researchers are expected to determine the appropriate facilities, systems and tools for effective research data management, seeking advice from ITVO, TO3 and the FGB research data officer as required.
Researchers are expected to seek advice regarding the ethics and scientific integrity of their research. They are responsible for determining if the project must be approved by an METc, the CCMO or an external body as required by their research funder. If none of these conditions apply, researchers are strongly advised to submit their research proposals to the Scientific and Ethical Review Board (VCWE) for ethical review, while recognizing that the VCWE cannot be held accountable for the researchers’ ethical conduct.5
Research data must be archived according the local FGB implementation of the DSW National Guidelines on Archiving.6
The board will require the teaching of FAIR data management principles in the bachelor, masters, and graduate level curricula.
The board will assess and ensure the compatibility between the RDM policies of the faculty and the interdisciplinary institutes.
The faculty board will report to the university board about the RDM policy for the FGB.
The board will appoint a research data officer who will:
The director will ensure the proper functioning, security, and reliability of FGB facilities for data storage and management.
The director will sign contractual agreements with third parties, such as processing agreements with data processors, data sharing agreements and so forth, on behalf of the Stichting VU.
This RDM policy takes effect as of February 1, 2019. All responsible parties are expected, at this time, to be aware of their tasks and to have reviewed any applicable documents.
The data archiving requirements will be phased in over the course of 2019. The FAIR data practices will be introduced in 2019 and their application to research activities is strongly recommended, but not an absolute requirement. Reassessment will take place in the fall of 2019 and will be included in the FGB annual report for 2019.
Research institutes will report annually on their activities to support data management.
Almost all data about human subjects are considered personal data under the GDPR. The vast majority of the data collected at FGB are about human beings and should therefore be treated as personal data unless you have confirmed with an expert that the data are anonymous. This reference card on anonymity from the National Coordination Point for RDM further explains this concept.↩︎
See FGB Security Tips: The Basics, particularly FGB Security Tips: Safe Practices for Students Working With Research Data for more information.↩︎
The faculty implementation of the Code of Ethics for Research in the Social and Behavioural Sciences Involving Human Participants outlines the ethical standards expected of every FGB researcher.↩︎
Detailed information on the requirements for data archiving within the FGB can be found in the FGB Implementation of the National Guidelines for Archiving of Academic Research for Faculties of Behavioural and Social Sciences. For research projects conducted by an interdisciplinary research institute, the institute may have separate guidelines on archiving data.↩︎
In this section, the responsibilities of a department head are tied to the position of department head, not the individual. When one individual steps down from this role, the new individual takes over the responsibilities of their predecessor.↩︎