LibGuides: Research Data Management: Managing data

Data Management Plans

Good data management begins at the very start of a research project with developing a Data Management Plan (DMP).

BU and many funders have made this a requirement.

DMP Online

DMP online is a data management planning tool. Use it to create your DMP and take advantage of its many benefits:

It contains BU and funder templates to ensure all points are covered.
Each section contains guidance from various sources, visible within tool. No need to search elsewhere for guidance.
It is possible to share your DMP with collaborators and make comments.
Postgraduate researchers can share their plans with their supervisors for effective supervision throughout their projects.

To begin using the system, sign-in or create an account. When creating an account, remember to select Bournemouth University from the list of organisations. That will ensure the BU template is available for you to use.

What is a Data Management Plan?

It is a summary, usually between 1-2 pages, explaining how data will be managed throughout the research project. It will address issues such as:

What type of data is being collected and how will it be organised?
How will data be described and documented?
What are the ethical and legal implications of collecting, analysing and sharing data?
Who is responsible for what? What resources will be required?

What are the benefits of writing a Data Management Plan?

Data management needs to be planned early to ensure the production of efficient and high quality data:

Strategies for data security, organisation and file naming reduce the risk of 'losing' data, particularly when working collaboratively.
Funding for adequate resources need to be considered before submitted a bid. For example, is there a need for a training budget? Are there any hardware or software costs? How much will it cost to store the data?
Describing and documenting the data is much quicker and more accurate when done as early as possible. Planning ahead helps to ensure nothing is missed.
Documenting the ethical and legal implications of data collection and publishing saves time. For example, retrospectively seeking participant consent for data to be shared could be massively time consuming. Information in the DMP could also be used as evidence to an ethics committee.

Essentially, it is much easier to do things correctly from the beginning, and much more costly to make retrospective changes!

Where can I find guidance?

The Digital Curation Centre provides guidance on funder requirements, practical help on what to include, and examples of completed DMPs.
Further guidance on the topics covered by DMPs are provided below, with links to external guidance where relevant.

Legal and ethical issues

Participant consent for data sharing

Informed participant consent is required to enable research data to be deposited in BORDaR (or any other repository). This includes anonymised data.

The Participant Information Sheet should set out if research data will be deposited in a data repository and explain the benefits of doing so (e.g. available for future research).
The Agreement Sheet should include specific consent for the data to be archived.
The relevant sections are included in BU’s Participant Information Sheet and Agreement Form templates. The wording can be amended depending on the project.
Additional guidance on participant consent for data sharing is available from the UK Data Service.

High-risk data

High-risk data should be noted in the Data Management Plan along with the safeguards that will be in place to mitigate any risks.

The Online Ethics Checklist will identify any high-risk data associated with the research. What constitutes high risk is explained on BU’s Research Ethics website, and there are examples on BU’s Information Classification webpage (along with how data should be handled depending on the level of risk).
If there are high risks associated with processing personal data, a Privacy Impact Assessment (PIA) should be completed. Support and advice on PIAs are provided by BU’s Data Protection Officer via dpo@bournemouth.ac.uk.
Sensitive data can still be used and shared for research purposes (without infringing legal and ethical requirements) if appropriate controls and safeguards are applied such as informed consent, secure storage and data handling, anonymisation and controlled access.

Intellectual Property Rights

Ownership of intellectual property rights (IPR) to research data needs to be documented from the start.

This applies to IPR arising from primary research and/or data derived from third-party sources. Intellectual property issues can then be dealt with more efficiently during the research project.

IPR and primary data

Read BU’s Intellectual Property Policy (2020) for the policies and procedures applied to all intellectual property created during activity carried out by BU staff or students as part of research.
Where research is being carried out in collaboration with other academic institutions or with commercial partners, ownership rights may be shared or apply separately to different datasets. It should be clear from the start who owns what, and how the data can be used and shared. Please consult Legal Services during project planning to ensure appropriate agreements are in place.

IPR and third-party data

The IPR for data derived from third-party sources (e.g. social media sites such as Twitter or an existing dataset from a commercial database) will likely belong to third parties, not to the researcher using the data. To use the data, it is likely that suitable permission will be needed from the data owner. Permission might be given in the form of a licence or in the terms and conditions published by the data owner. Written permission may need to be sought from the owner.
If using data from third-party sources, it is important to gain explicit permission from the data owner as soon as possible. Trying to do this retrospectively could take longer (especially if the data owner is an individual researcher who has moved on and becomes more difficult to contact). It would also be very costly to find out too late that the data cannot be used.
Additional guidance on intellectual property rights to research data is available from the UK Data Service.

Data storage and security

Data storage

BU’s Information Classification webpage specifies how data should be handled and stored depending on the classification assigned to it.

This table summarises how different electronic storage solutions compare against requirements for safe data storage. Any storage needs requiring services/solutions not covered in this table should be raised with IT Services. For most research projects, SharePoint is recommended.

Storage solutions for live research data
	OneDrive (BU)	SharePoint / Teams (BU)	Non-BU cloud-based services (Dropbox, Google Drive etc.)	Network storage (H and I-Drives)	Local drives (BU or personally owned devices	BU owned portable device (e.g., USB drive)	Personally owned portable device
Storage capacity How much storage and how large can individual files be?	1TB	1TB	Variable		Variable	Variable	Variable
Security measures How secure is the storage solution? What standards does it meet?	Assessed and managed by IT. Assurances in place regarding the functionality and security of the system.	Assessed and managed by IT. Assurances in place regarding the functionality and security of the system.	IT services can assess the service and confirm is there are appropriate assurances in place regarding the functionality and security of the service.	Assessed and managed by IT. Assurances in place regarding the functionality and security of the system.	Variable	Variable	Variable
Access and control measures Is it deemed secure by BU? What measures can be implemented to protect personal or sensitive data?	Choose whether folders of files are kept private or shared. If shared, options to limit who can access the files/folders. Options to restrict documents to ‘view only’ and ‘block downloads’ Options to change permissions.	Choose whether folders of files are kept private or shared. If shared, options to limit who can access the files/folders. Options to restrict documents to ‘view only’ and ‘block downloads’ Options to change permissions.	Variable	H: Drive is generally private and only accessible by the owner. In justified circumstances IT-Services can access the drive. I:drive files/folders can be restricted to authorised users only.	Generally, only accessible by the owner. Remote access to the device by IT-Services might be possible., but unlikely on personal devices.	Generally, only accessible by the owner.	Generally, only accessible by the owner.
Data protection Is it appropriate for storing personal data in line with GDPR and BU policy?	Yes - with appropriate access and control measures in place.	Yes - with appropriate access and control measures in place.	No storage permitted. Only centrally procured storage solutions should be used which have contracts in place and have been verified by BU as compliant with data protection legislation.	Yes - with appropriate access and control measures in place.	No storage or creation permitted.	No permanent storage (USBs, external hard drives). No storage on mobile phones or tablets.	No storage or creation permitted
Collaboration Does it support collaboration?	Yes	Yes	Unknown. Depends on the service.	Limited. Not really.	No	No	No
Back-ups Are backups managed by BU IT-Services?	Not backed up by either Microsoft or BU. Contact IT Services for any specific backup requirements.	Not backed up by either Microsoft or BU. Contact IT Services for any specific backup requirements.	Unknown. Depends on the service.	Yes	No	No	No
Version control Is there automatic versioning control?	Yes	Yes	Unknown. Depends on the service.	No	No	No	No
Data deletion Is data securely destroyed when deleted?	Yes – retained in Office365 for further 93 days from deletion.	Yes – retained in Office365 for further 93 days from deletion. (Teams messages) Yes – retained in Office365 for further 17- days from deletion	Unknown	Yes – retained in backs up for further up to 8 weeks after deletion.	No	No	No
What happens when I leave BU? What happens to the data if no action is taken? What should happen to the data before leaving BU?	Data and documentation deleted 30 days after the account owner leaves BU. Files should be transferred to BU SharePoint to meet data access and retention requirements.	A project site on SharePoint will remain after you leave BU, satisfying data access and retention requirements. A copy of your Data Management Plan, detailing data retention periods should be saved on the site.	Data and documentation are not accessible if the account owner is ill or leaves BU. Files should be transferred to BU SharePoint to meet data access and retention requirements, and then deleted from the non-BU cloud-based service.	Data and documentation stored in your H-drive are deleted 30 days after the account owner leaves BU. Data and documentation stored on the I: Drive will remain. Files should be transferred to BU SharePoint to meet data access and retention requirements.	Data and documentation are not accessible if the account owner leaves BU. Device will be wiped and deployed. Files should be transferred to BU SharePoint to meet data access and retention requirements, and then deleted from the local drive.	Data and documentation are not accessible if the account owner leaves BU. Device will be wiped and deployed. Files should be transferred to BU SharePoint to meet data access and retention requirements, and then deleted from the portable device.	Data and documentation are not accessible if the account owner leaves BU. Files should be transferred to SharePoint to meet data access and retention requirements and then deleted from the portable device.

Data security

How to keep sensitive data safe.

Data encryption

Particularly useful to ensure security when transferring data remotely (e.g. email) or physically (e.g. by USB disk).

Data disposal

How to dispose of sensitive data (after its been deposited in a data repository for long term preservation).

Organising and describing data

Metadata

Metadata are standardised and structured descriptive labels applied to an object. A library catalogue, for example, is a database of metadata records describing the books in the library. Each record corresponds to a book on the shelves and is made-up of individual metadata fields such as 'Title', 'Author' or 'Subject' fields. Just as a book would be hard to find without a catalogue record, research data would be very hard to find and access without its own metadata record. Metadata is much easier to collect and record if planned from the start of a research project. This is particularly the case for collaborative projects where consistency is required.

Metadata requirements for BORDaR

The metadata elements required in BORDaR (BU's research data repository) are described in the 'Sharing your data' section of this guide.

Disciplinary specific metadata standards

The Digital Curation Centre maintain a list of disciplinary metadata standards. These are standards which formalise the metadata specifications that academic communities consider important for research data to be findable, accessible, interoperable and re-useable (FAIR). When choosing a metadata standard, consider which would be most appropriate for your area of research.

Some repositories specify the metadata standards which should be used to describe the hosted research data. The UK Data Service, for example, uses the Data Documentation Initiative (DDI) standard. If you plan on depositing your data with an external data repository, it is important to check whether adherence to a specific standard is required. The Registry of Research Data Repositories can be used to find suitable disciplinary repositories. Please be aware that some funders specify or provide guidance around which repository to use. The Data Curation Centre provide a summary of funders' data policies.

Subject terms and keywords

Taxonomies and/or thesauri are structured, controlled vocabularies. They are used to improve the discoverability of research data, and many data repositories require subject headings (controlled) or keywords (uncontrolled) to be provided when the data is deposited. If depositing data in an external repository, check which scheme is being used. This will need to be noted in your Data Management Plan.

BORDaR does not currently utilise subject headings, though they could still be entered as keywords.

Subject headings can be found by using generic or discipline specific schemas. A few examples are listed in the table below

Name	Description
General
searchFAST	FAST subject headings are a simplified adaptation of the Library of Congress Subject Headings (LCSH).
Arts and Humanities
Art and Architecture Thesaurus (AAT)	Covering art, architecture and visual culture heritage.
HASSET	The Humanities and Social Sciences Electronic Thesaurus, provided by the UK Data Service.
Health and Medicine
Medical Subject Headings (MeSH)	Produced by the National Library of Medicine. It is used for indexing, cataloguing, and searching of biomedical and health-related information.
Science and Technology
Heritage Data	Lists of schemes covering archaeology.
Social Sciences
HASSET	The Humanities and Social Sciences Electronic Thesaurus, provided by the UK Data Service.

File names and structures

Sensible file names and well-organised folder structures make it easier to find and keep track of data files.

Version control

It can be difficult to locate a correct version or to know how versions differ after some time has elapsed. Version control overcomes this.

File formats

Standard, non-proprietary file formats are best for long term preservation. The UK Date Service also provide a list of recommended formats.

Data documentation

Proper documentation of data is crucial if research data is to be used, shared and reused.

Data sharing and reuse

Selecting data for long-term preservation

Not all research data can be preserved in the long term. This can be due to the cost of data storage or the risk that 'unnecessary' data deposits could swamp the scholarly system, making it more difficult to find data without considerably more effort. Ethical or commercial considerations could also rule out even publishing on a restricted basis.

Cox and Verbaan (2018) list the kinds of questions that need to be asked to determine the significance of a dataset:

What uses could the data have? Is it needed, for example, to allow scrutiny for a research output?
What data is required to be kept because of policies and regulations?
Does it have longer term value for future research?

The data type may also have a bearing on what is retained in the long-term. Observational data, for example, cannot be reproduced and is therefore unique. It would have a higher priority for preservation than the results of a relatively inexpensive experiment that could be reproduced with the right documentation. However, experimental data produced from a time-consuming and costly study would be a strong contender for preservation. It may also not be necessary to keep the output of simulated data, particularly if the file is very large. Instead, the code and documentation needed to re-run the simulation may be all that's required for preservation.

Use this checklist to help assess whether your research data should be deposited and preserved in BORDaR. The list was initially produced by NERC, and slightly modified by the University of Bristol.

Restricted access to sensitive data

Sensitive data can often be shared for research purposes (without infringing ethical and legal requirements) because appropriate controls and safeguards are applied, for example informed consent, employing anonymisation techniques, and/or controlling access to data. However there will be some cases where it is not appropriate to make research data publicly available in a data repository even though its use within the research project was legal and ethical: it may not be possible to anonymise or otherwise reduce the sensitivity of the final dataset, and the impact of making data publicly available is usually very different to the impact of the same data being used in a controlled way within a specific individual research project.

Restricted access refers to limits which can be imposed on accessing research data through a data repository, where public access is not appropriate for these reasons. These restrictions can be placed in both the short and long term.

Embargoes are short term restrictions on access to research data. An embargo, for example, might be used to give researchers time to write-up and publish their research before the data is made available. If an embargo is required, this should be stated in the Data Management Plan and justification provided. The expectation is that research data should be deposited and made available at least by the same time as the published output in BURO (BU's publication repository).

Controlled Access places longer term restrictions on who can access research data. Different repositories will have different levels of restrictions, so if you plan on depositing in an external repository, it is important to check what levels of access they offer. BORDaR (BU's data repository) does not currently offer controlled access, but this is something currently being developed. If you plan on depositing data in BORDaR but believe that it would be inappropriate to publish the data without restrictions, please contact the research data management team.

Where will the data be shared?

Research data can either be deposited within BORDaR, BU's own research data repository, or with an external repository. It is important that the Data Management Plan clearly states which repository has been chosen. This is because different repositories have different requirements which need to be taken into account.

If depositing externally, a record will be created in BORDaR with a link to the data set. The preference is for data to be hosted externally in a disciplinary repository. This is because the data is more likely to be found and used by members of the academic community if it is hosted on a repository used by members of that community. However, BORDaR is available, particularly when cost or suitability rule out other options.

External repositories

The Registry of Research Data Repositories can be used to find suitable disciplinary repositories. Please be aware that some funders specify or provide guidance around which repository to use. The Data Curation Centre provide a summary of funders' data policies.

What license will be applied to the data?

Where research data are deposited to be available to others, such access must be subject to licence conditions. These should be consistent with the University’s and the funder’s legal, ethical and contractual requirements and the position with regard to ownership of intellectual property rights. Such licences may restrict use of the data to research or other non-commercial purposes and set requirements as to citation, attribution or acknowledgement.

Creative Commons licences are often applied to research publications and data. Visit copyrightuser.org for more details.

Disclosure assessment

Risks of disclosure need to be considered before, during and after data is collected to ensure confidentiality.

Anonymisation

Anonymisation techniques may need to be employed to enable data sharing while preserving participant confidentiality.

Responsibilities and resources

Collaborative projects

Roles and responsibilities for managing research data need to be assigned to individuals and not just presumed. This is crucial in ensuring that the research will be carried out in line with the Data Management Plan and all applicable requirements (e.g. funder requirements, BU policies, legal requirements). For internal BU research teams roles and responsibilities can be documented in team plans and protocols. Assigning roles and responsibilities is particularly important for collaborative projects. You should seek advice from Legal Services to ensure that collaboration, data processing or data sharing agreements are put in place with external collaborators and service providers where appropriate.

Roles and responsibilities

It is crucial that roles and responsibilities are assigned and not just presumed, especially for collaborative projects.

Costing data management

Data management and sharing activities need to be costed into research, in terms of the time and resources needed.

Collaborative research

Strategies for coordinating and streamlining data management in large scale collaborative projects.