Policies, codes of conduct and laws

The University Policy Framework for Research Data sets out parameters to safeguard the quality, availability and accessibility of the research data you work on within Utrecht University and provides a basis for evaluating compliance with laws, regulations and codes of conduct. The policy also clarifies the roles and responsibilities of university staff in managing research data. Relevant points are:

• Make research data available for access and reuse at and outside Utrecht University when reasonably possible;
• Archive research data in a structure suitable for long-term preservation and later consultation;
• For verifiability purposes, retain the full set of research data connected with a research project after the project;
• Archive research data for a minimum of ten years, starting from the date that the research results are published;
• Provide sufficient metadata and documentation to describe the data to ensure they are findable for further research;
• Do not transfer the exclusive rights to reuse or publish research data to commercial publishers or their representatives without retention of the right to provide open access to the data for reuse. The exception for this is when transferring of such rights is a condition for awarding funds;
• Write a Data Management Plan (DMP) at the start of the research project. During your research you should follow up the agreements made there;
• Factor in the costs for the preservation and management of the research data in research proposals and grant applications.

The UU Data Publication guidelines help you in practice to prepare your data package before publication. When you follow these guidelines, you will make sure your dataset complies with the FAIR principles. Additionally, when you use one of the UU solutions to publish your dataset (Yoda or DataverseNL), following these guidelines will significantly speed up the publication process.

The Code for Scrupulous Academic Practice and Integrity states that researchers at Utrecht University should be transparent in the way in which data is stored and research results are achieved.

The European Code of Conduct for Research Integrity is a European framework for self-regulation across all scientific and scholarly disciplines and for all research settings.

Relevant sections from the Dutch Code of Conduct for Research Integrity for research data management are (summarised):

• 2.3 Transparency throughout the research process and data;
• 3.2 Design: describe how the data are organized (10) and ensure that permissions are obtained and if needed, ethical review is conducted (13);
• 3.3 Conduct: describe the data honestly, scrupulously and transparently (23), manage the data carefully (24) and contribute to making your data FAIR (25);
• 3.4 Reporting results: record and be transparent about methods and procedures (35) and make research data public, if possible (45).

Relevant criteria from the Standard Evaluation Protocol 2021-2027 for research data management are (summarised):

• Open Science: reuse of data, data storage according to the FAIR principles, making research data, methods and materials available (or the plans to do all of this);
• Academic Culture - Research integrity: both data integrity and the extent to which an independent and critical pursuit of science is made possible within the unit.

The General Data Protection Regulation (GDPR, in Dutch: AVG) is the main privacy law in the European Economic Area, which aims to protect the personal data of natural persons in Europe. In the Netherlands, the GDPR replaces the previous “Wet Bescherming Persoonsgegevens”. Other laws (including those below) continue to exist next to the GDPR where they have complementing rules. See the Data Privacy Handbook for practical information on the GDPR’s contents relating to research.

Medical research, or research carried out among participants who are subjected to actions and/or to a certain behavior falls under the scope of the Wet Medisch wetenschappelijk Onderzoek (WMO). Such research must first be tested by a recognised Medical Ethics Committee. It is advised (and sometimes part of a faculty protocol) to have non-WMO-related research with humans reviewed by an (faculty) ethical review board as well.

The Wet Geneeskundige Behandelingsovereenkomst (WGBO) describes the rights and obligations of clients in health care. It also stipulates under which conditions data can be shared for statistics or scientific research in the field of public health (article 458).

The Utrecht University information security policy describes how the university handles the protection of information, including privacy-sensitive information. It is mostly relevant for those creating infrastructures and often types of software. Please contact RDM Support or your Information Security officer for questions about information security.

Whenever there is a breach of security that can lead to theft, loss or misuse of personal data, you are obliged to report this under the GDPR as soon as possible. Please do so by contacting databreach@uu.nl.

There are also specialised codes of conduct for handling personal data in research, for example for health research.