Find out how to store and share data safe and securely and how to handle personal data.
- Storing and sharing research data
Storing and sharing of data refers to the dynamic phase of the project. As soon as your research data sets are stable and static you should archive the data for long-term preservation.
All collected research data, including related materials such as protocols, models or questionnaires, must be stored in facilities offered by the UT (LISA), which are ISO 27001- and NEN 7510-certified. See UT research data management policy.
Use the local drive of your laptop or computer only for work copies of your data files as data on these media may be lost in case of malfunctioning or because the device is lost or stolen. The local drive must, if possible, be encrypted to prevent data breach (see the special UT Data Breach webpage).
Use this tool to find the best solution for storing, sharing, transferring or collaborating on research data, during the research.
- Securing research data
Especially when research data are to be considered as confidential, for instance in case of personal or sensitive information, data security is needed.
You can find more information about security measures in research on the UT cyber safety webpage.
Data breach in research refers to the loss or theft of, or unauthorized access to personal or confidential data. More specifically it is linked to personal data breach in the framework of GDPR. In case of a personal data breach you must report this within 72 hours (see the special UT Data Breach webpage).
You should pay attention to preventing data breach, regardless the confidentiality of the data, as it may have a negative impact on the research itself, privacy and reputation of involved persons or organizations and the safety of individuals and society.
When you use devices for work copies of data, it is wise to encrypt the device, folder or file with sensitive data to prevent data leaks occurring in the event of loss or theft. When encrypting a single file, there is a high probability of errors or that an application leaves (parts of) the file unencrypted on your hard disk. The best way is to encrypt the entire hard disk or USB stick.
You can find more (practical) information on the Encryption-webpage.
- Handling personal data: pseudonymization and anonymization
When working with personal data (data on identified or identifiable natural living persons) you need to comply with the General Data Protection Regulation (GDPR), in Dutch: the Algemene Verordening Gegevensbescherming (AVG). This means that you need to pseudonymize the data when you are processing personal data during the project. As soon as the purpose of the collection of the data has been fulfilled, mostly by the end of the project, in most cases you must anonymize the data.
In short, pseudonymization is a method to substitute identifiable data with a reversible, consistent value. This value is usually kept in a key file, in which the pseudonymized data is linked to the personal data. Be aware that the key file must be stored on a secure and persistent location, such as an encrypted storage device placed in a safe or on the Project and Organization drive of your research group with controlled access.
The purpose of pseudonymization is to protect the privacy of research participants from the onset, during the collection of data. For more information see this report from the National Coordination Point Research Data Management (LCRDM).