Policies, codes of conduct and laws
Policies and guidelines at Utrecht University
The University Policy Framework for Research Data highlights the requirements and expectations concerning scientific conduct, including the treatment of your research data. The policy sets out parameters to safeguard the quality, availability and accessibility of the research data you work on within Utrecht University and provides a basis for evaluating compliance with laws, regulations and codes of conduct. The policy also clarifies the roles and responsibilities of university staff in managing research data.
Sections 4 and 5 are relevant to read. Relevant points are:
- Make research data available for access and reuse at and outside Utrecht University when reasonably possible;
- Archive research data in a structure suitable for long-term preservation and later consultation;
- For verifiability purposes, retain the full set of research data connected with a research project after the project;
- Archive research data for a minimum of ten years, starting from the date that the research results are published;
- Provide sufficient metadata and documentation to describe the data to ensure they are findable for further research;
- Do not transfer the exclusive rights to reuse or publish research data to commercial publishers or their representatives without retention of the right to provide open access to the data for reuse. The exception for this is when transferring of such rights is a condition for awarding funds;
- Write a Data Management Plan (DMP) at the start of the research project. During your research you should follow up the agreements made there;
- Factor in the costs for the preservation and management of the research data in research proposals and grant applications.
Utrecht University Faculty Data Protocols
While the policy framework offers guidance on an institutional level, faculties are responsible for drawing up their own policy or protocol. Below you can find links to faculty pages about research data management, including links to existing protocols. Note that besides faculty-level protocols, there may also be protocols for your specific department or research group.
Website for research data management and privacy within the Geosciences, currently not including faculty protocol.
Website for research data management and privacy within the Humanities, including a link to the faculty policy.
Law, Economics and Governance
Intranetpage with the faculty policy.
Medicine / UMCU
Intranetpage for research data management within the UMCU, including the institutional policy.
Website for research data management and privacy within Science, including the faculty protocol.
Social and Behavioral Sciences
Website for research data management and privacy within Social and Behavioral Sciences (FSS).
Intranetpage for research data management within FSS, including the faculty protocol.
Currently no dedicated website nor faculty protocol available.
Research integrity and ethics
All information about research integrity, including codes of conduct and the faculty ethical committees can be found on this dedicated page.
The relevant sections of some of these codes are summarized here:
- Code for Scrupulous Academic Practice and Integrity (Utrecht University)
Researchers at Utrecht University should be transparent in the way in which data is stored and research results are achieved.
- The European Code of Conduct for research Integrity
- Code of conduct for research integrity (Universities of The Netherlands)
Relevant sections for research data management are (summarized):
- 2.3 Transparency throughout the research process and data;
- 3.2 Design: describe how the data are organized (10) and ensure that permissions are obtained and if needed, ethical review is conducted (13);
- 3.3 Conduct: describe the data honestly, scrupulously and transparently (23), manage the data carefully (24) and contribute to making your data FAIR (25);
- 3.4 Reporting results: record and be transparent about methods and procedures (35) and make research data public, if possible (45).
- Standard evaluation protocol 2021-2027 (KNAW)
Relevant criteria for research data management are (summarized):
- Open Science: reuse of data, data storage according to the FAIR principles, making research data, methods and materials available (or the plans to do all of this);
- Academic Culture - Research integrity: both data integrity and the extent to which an independent and critical pursuit of science is made possible within the unit.
Handling privacy-sensitive data
The following laws and regulations are relevant when you are handling personal data in your research project:
- General Data Protection Regulation
The General Data Protection Regulation (GDPR, in Dutch: AVG) is the main privacy law in the European Economic Area, which aims to protect the personal data of natural persons in Europe. In the Netherlands, the GDPR replaces the previous “Wet Bescherming Persoonsgegevens”. Other laws (including those below) continue to exist next to the GDPR where they have complementing rules. See the Data Privacy Handbook for practical information on the GDPR’s contents relating to research.
- Wet Medisch wetenschappelijk Onderzoek
Medical research, or research carried out among participants who are subjected to actions and/or to a certain behavior falls under the scope of the Wet Medisch wetenschappelijk Onderzoek (WMO). Such research must first be tested by a recognized Medical Ethics Committee. It is advised (and sometimes part of a faculty protocol) to have non-WMO-related research with humans reviewed by an (faculty) ethical review board as well.
- Wet Geneeskundige Behandelingsovereenkomst
The Wet Geneeskundige Behandelingsovereenkomst (WGBO) describes the rights and obligations of clients in health care. It also stipulates under which conditions data can be shared for statistics or scientific research in the field of public health (article 458).
- Report a data breach via firstname.lastname@example.org
Whenever there is a breach of security that can lead to theft, loss or misuse of personal data, you are obliged to report this under the GDPR as soon as possible. Please do so by contacting email@example.com.
- Information security policy (Utrecht University)
This policy describes how the university handles the protection of information, including privacy-sensitive information. It is mostly relevant for those creating infrastructures and often types of software. Please contact RDM Support or your Information Security officer for questions about information security.
- Codes of conduct for using personal data in research
There are also specialized codes of conduct for handling personal data in research, for example for health research.