Research Data Management Policy

Research data processed by University researchers will be managed to a high standard throughout the research data lifecycle as part of the University’s commitment to research excellence. The definition of research data for the purpose of this policy is digital or analog information that is collected, observed, created or reused to produce, validate and enrich research findings and conclusions². The University of Edinburgh is committed to maintaining the highest standards of rigour and integrity in all aspects of its research³. Research data management is a key component of research integrity. Research data management (RDM) refers to the organisation, storage and preservation of data created during a research project. It covers initial planning, day-to-day processes and long-term archiving and sharing, or deletion.​​​​​​

Responsibility for managing data during any research project or programme lies with Principal Investigators (PIs) or individual researchers (academic staff or postgraduate research students) working on their own. When responsibility is delegated to data managers, the PI retains accountability, and is responsible as data owner (and data controller when personal data are collected) on behalf of the University. The PI should choose methods, platforms and services for managing data that are affordable through the research grant and comply with University policy and procedures, as well as their funder’s requirements and those of any external data controller. Researchers should be familiar with University RDM solutions as well as disciplinary tools and infrastructure available to them, including their full costs, terms and conditions, in order to make optimal choices for active and archived research data. This approach is commensurate with the University’s commitment to academic freedom. The researcher must comply with the University’s Information Security Policy and Data Protection Policy, as well as Finance regulations, policies and procedures⁴.^​

When a University researcher is collaborating with any external partner, they should agree between them the rights and responsibilities of each party with respect to data collected, including key decisions about data storage, backup and security, registration, access, transfer, retention, destruction or archiving and licensing. (See Rights section below for when data sharing agreements may be required).

Research students who are responsible for their own research and the integrity of data they collect and use will be bound by the University’s policy and procedures⁵.

The University is responsible for raising awareness of good practice and PIs’ and research students’ obligations with respect to research data, and provision of useful platforms, guidance, and services in support of current and future access, during and after completion of research projects, subject to necessary cost recovery from research funders through PIs’ grant proposals. ​​​​

Researchers must create a data management plan (DMP) at the time of their research proposal if any research data are to be collected or used. Plans should cover data types and volume, capture, storage, integrity, confidentiality, retention and destruction, sharing and deposit. A suggested minimum period of retention is three years from the end of the project, however requirements by funders and data providers, as well as disciplinary guidance should be observed.

Research data management plans must specify how and when research data will be made available for access and reuse. Generally, accompanying research data should be made available as soon as findings are published, under appropriate safeguards when necessary. A Data Protection Impact Assessment is required whenever data pertaining to individuals is used⁶. Research outputs which convey findings from research data should include a citation or data access statement which clearly provides a route for readers to obtain the data. When the researcher does not hold the intellectual property rights or have permission to make derived data available they must provide a citation or data access statement in relevant publications to the source of data.

Costs such as extra storage, long-term retention, or data management effort must be addressed and included in the total cost to funders whose policies accept RDM costs. All UK Research and Innovation funders explicitly state that all costs associated with research data management are eligible under UKRI funding⁷. The Edinburgh Research Office, school research support officers and the Information Services’ Research Data Service can provide indicative costs for University RDM services.​​​​​

The University supports the broad global consensus that publicly funded research data should be made openly available as soon as possible with as few restrictions as necessary⁸. Additionally, many UK and international funders have embraced FAIR principles for data sharing (making data findable, accessible, interoperable, and reusable)⁹. FAIR acknowledges legitimate reasons for restricting access to data, such as confidentiality concerns, suggesting the need for information governance processes over usage when necessary¹⁰. Principal Investigators and research students should consider how they can best make their data FAIR in their Data Management Plans.

Discoverability and access by machines is considered as important as access by humans, in order to accelerate global science and progress Open Research. FAIR calls for the use of persistent identifiers, standard metadata, vocabularies and licences to allow researchers and computer programs to directly access and process data. An emphasis on reusability means that any relevant documentation, protocols, or designs which add context and usefulness to the data should be included with research data in repositories. Links to relevant publications, people, projects, and other research products such as software or source code should be provided in metadata records, with persistent identifiers when available.

In some cases research products such as models and software code can be deposited with research data in data repositories. However, it may be more appropriate to utilise software repositories such as GitLab or GitHub, which offer the ability for partners or others to develop code into new directions while keeping track of versions. Research projects should plan for their software management as well as their data, and consider whether it will be made openly available (perhaps as open source software), and if so what licence is appropriate. In all cases code should be documented in a way that makes its functions transparent to improve quality and enable reuse of software and data. For long-lived projects software sustainability is another consideration which requires updating and refactoring over time.

The University endorses the FAIR data sharing principles for maximising data reuse, and supports related initiatives such as DORA (Declaration on Research Assessment)¹¹, ORCID (Open Researcher and Contributor ID)¹², digital object identifiers (DOIs)¹³, and use of standard open licences for sharing research data and code.

Researchers are not expected to meet the FAIR principles on their own. Research data may be used for interdisciplinary research, may be of future historical interest, and all research data represent records of the University, including data that substantiate research findings. Therefore, appropriately documented research data must be offered for deposit and retention in an appropriate national or international data service or domain repository, or a University repository by PIs or their delegates¹⁴.

The University supports a free-at-point-of-use trustworthy digital repository for University research data which may be used by PIs and research students¹⁵. A time-limited embargo may be used to ensure data are not made available before related publications, subject to funder mandates. Any data which are retained elsewhere, for example in an international data service or domain repository must be registered with the University¹⁶. These external services may assess data for acceptance according to their criteria. Any lock-in to proprietary databases or unnecessary restrictions must be avoided. Research data which are being actively used for analysis not yet made available may be subject to Freedom of Information or other requests¹⁷.​​​​​​

In determining access rights for research data the legitimate interests of the subjects of research data must be protected. The rights of citizen scientists and the public to access publicly funded research should be considered as well¹⁸. When open access to datasets is not legal or ethical, information governance restrictions on access and use must be applied as necessary.

Written agreements are required when personal data (any information relating to an identified or identifiable natural person) is passed from a data controller to a data processor or another data controller, or to a country not bound by the General Data Protection Regulation or equivalent privacy legislation. Written agreements are also useful when the data being shared although not personal data, are confidential or valuable to the parties involved.  The University’s Research Office can assist with providing templates for both incoming and outgoing research data and the drafting and negotiation of the agreements concerned¹⁹.

Exclusive rights to reuse or publish research data must not be passed to commercial publishers or agents without retaining the rights to make the data openly available for reuse, unless this is a condition of funding.

This policy shall be reviewed every five years or when significant changes are required, whichever is sooner. The review will be initiated by Library Research Support in consultation with relevant governance bodies. College Research Committees must be consulted; the Research Strategy Group or equivalent body will grant approval.

1. See https://information-services.ed.ac.uk/about/policies-and-regulations/research-data-policy for policy versions.
2. This is the operational definition of research data for the purpose of this policy. Examples of research data include “statistics,  collections  of  digital  images,  sound  recordings,  transcripts  of  interviews,  survey  data  and  fieldwork  observations  with  appropriate  annotations,  an  interpretation,  an  artwork, archives, found objects, published texts or a manuscript.” – UKRI Concordat on Open Research Data, https://www.ukri.org/wp-content/uploads/2020/10/UKRI-020920-ConcordatonOpenResearchData.pdf.
3. As stated on the Research Integrity web pages of Edinburgh Research Office, https://www.ed.ac.uk/research-office/research-integrity/our-commitment. The University of Edinburgh is a signatory to the Universities UK Concordat to Support Research Integrity, which seeks to ensure that research produced by or in collaboration with the UK research community is underpinned by the highest standards of rigour and integrity. The UK Research Integrity Office Code of Practice for Research has been adopted by the University and should be consulted by Principal Investigators and Data Managers.
4. Links to relevant policies for University research are maintained by Edinburgh Research Office: https://www.ed.ac.uk/research-office/research-integrity/research-integrity-learning/university-policies. The Information Security Policy and related guidance is located at https://www.ed.ac.uk/infosec/information-protection-policies/information-security-required-reading. The Data Protection Policy and guidance is located at https://www.ed.ac.uk/data-protection/data-protection-guidance. Finance regulations, policies and procedures are located at https://www.ed.ac.uk/finance/for-staff/financial-regulations-policies-and-procedures.
5.  See p. 5, “GDPR Guidance for Researchers,” heading “Student research”, available https://www.ed.ac.uk/data-protection/data-protection-guidance/specialised-guidance/research-data-protection, and Personal data processed by students web page, https://www.ed.ac.uk/data-protection/data-protection-guidance/personal-data-processed-students, by the Data Protection Officer for more information about scenarios of students working with personal data.
6. The Data Protection Officer provides advice on completing DPIAs. https://www.ed.ac.uk/data-protection/data-protection-impact-assessments
7. See principle 7 under “Common principles on research data”: https://www.ukri.org/apply-for-funding/before-you-apply/your-responsibilities-if-you-get-funding/making-research-data-open/.​​​​
8. Numerous government bodies have endorsed the principle of publicly funded research as a public good, including the OECD, most recently in Recommendation of the Council Concerning Access to Research Data from Public Funding, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0347.
9. See https://www.go-fair.org/fair-principles/ and original article, Wilkinson, M., Dumontier, M., Aalbersberg, I. et al. The FAIR Guiding Principles for scientific data management and stewardship. Sci Data 3, 160018 (2016). https://doi.org/10.1038/sdata.2016.18.
10. A common form of information governance is a simple data use agreement, signed by the data user, who agrees not to try to identify participants of a research study, for example.
11. See https://sfdora.org.
12. See https://orcid.org. See also Research Publications Policy, https://information-services.ed.ac.uk/about/policies-and-regulations/research-publications.
13. See https://www.doi.org.
14. https://Re3data.org  is a register of repositories to assist in this choice. Considerations for choosing a repository can include funder and publisher requirements, location (and legal jurisdiction), discipline relevance, longevity, price (if applicable), value-added features, user friendliness, scale, and whether the repository has Trusted Digital Repository standard certification, such as the Core Trust Seal.
15. Edinburgh DataShare, https://datashare.ed.ac.uk holds over 3,000 datasets across University research communities managed by Information Services’ Research Data Service.
16. Edinburgh Research Explorer (Pure) is a publicly searchable database which can hold dataset records which link to University people, projects, and research outputs (papers): https://www.research.ed.ac.uk.
17. Records Management has information on the University’s compliance with information legislation:  https://www.ed.ac.uk/records-management/guidance/information-legislation.
18. The University of Edinburgh is a signatory to the Sorbonne Declaration on Research Data Rights, through its membership of both the Russell Group and the League of European Research Universities, which intends to “make [research] data accessible in order to accelerate scientific discoveries and economic development,” https://sorbonnedatadeclaration.eu.
19. See Setting up research contracts, Edinburgh Research Office: https://www.ed.ac.uk/research-office/winning-research-funding/manage-award/setting-up-research-contracts.​​​​​​