🟠UCPH Policy for RDM
UCPH Policy for Research Data Management
Below is a detailed summary of the University of Copenhagen (UCPH) Policy for Research Data Management (2022), focusing primarily on data management and storage requirements. I also highlight key roles, responsibilities, and caveats you should watch out for. (You can refer directly to the policy PDF for full wording.) (research.ku.dk)
Overview & Scope
The policy covers all research data (physical and digital) collected, generated, reused, or observed from 11 January 2022 onward in research at UCPH. (research.ku.dk)
It applies not only to scientific staff and PhD candidates, but also to visiting/affiliate researchers, research support staff (e.g., lab technicians or data managers), and students when they produce or contribute to research data. (research.ku.dk)
The policy is intended to ensure good scientific practice, research integrity, and compliance with legal and ethical obligations (e.g., GDPR, intellectual property, confidentiality). (research.ku.dk)
Key Policy Requirements for Data Management & Storage (Sections 2.5 “Storage and Security” and related)
Below are the main obligations regarding data storage, infrastructure, classification, security, and retention under the UCPH policy.
Data Classification & Risk Assessment
At the start of a research project, researchers must classify data by sensitivity (e.g. personal data, confidential, open) and assess risks in terms of confidentiality, integrity, and availability. (research.ku.dk)
Infrastructure Choices
Storage and processing infrastructure must be chosen in alignment with the assessed risks and in compliance with UCPH’s Information Security Policy and applicable data protection laws. (research.ku.dk)
Access Control
Physical and digital access to data must be controlled. Only authorized persons should have access, based on roles defined in the project. (research.ku.dk)
Backup & Redundancy
The policy demands appropriate backup procedures to guard against data loss. Backup frequency, locations, and procedures should be aligned with the classification of data and risk assessments. (research.ku.dk)
Threat Assessment (Internal & External)
Researchers must consider internal/external threats (e.g., malicious actors, system failures) to confidentiality, integrity, and accessibility, and mitigate those risks. (research.ku.dk)
Personal Data Protections & DPIA
For projects involving personal or sensitive personal data, a risk assessment for data subjects’ rights/freedoms must be made. In high-risk cases, a Data Protection Impact Assessment (DPIA) may be required. (research.ku.dk)
Retention / Preservation / Destruction
The policy requires a plan for long-term preservation or destruction of research data. It must include periodic review, and consideration of cost, legal obligations, or feasibility. (research.ku.dk)
Copy at UCPH after Project Ends
A copy of data sets and associated metadata must remain at UCPH after project completion (or when an employee leaves) in a format that ensures accessibility. (research.ku.dk)
Open Sharing / “As Open as Possible, As Closed as Necessary”
By default, data underlying publications should be made openly available, unless prevented by legal, ethical, confidentiality, or commercial constraints. (research.ku.dk)
Agreements & Legal Compliance
Where data are shared with external collaborators, proper agreements (e.g. data transfer, confidentiality) must be in place. Legal, ethical, and contractual obligations must be respected. (research.ku.dk)
Metadata & Documentation
Adequate metadata must be created and preserved alongside the data so that the data can be found, understood, and reused. (research.ku.dk)
Updates to Data Management Plans (DMPs)
If significant changes occur in how data are handled during the project, the DMP must be updated. The DMP must be stored together with the research data. (research.ku.dk)
Additional Considerations & Constraints
The policy references alignment with the Information Security Policy of UCPH, meaning storage and processing must also satisfy UCPH’s general security, confidentiality, and integrity frameworks. (research.ku.dk)
Compliance with GDPR and Danish data protection law is mandatory when personal data is involved. The policy explicitly requires recording legal/ethical approvals and the research data. (research.ku.dk)
The policy does not explicitly mandate a specific storage technology (cloud vs local vs hybrid); instead, it requires that the chosen infrastructure matches the assessed risk. (research.ku.dk)
Faculties, departments, or research groups may adopt additional local guidelines or stricter rules tailored to their discipline or data types. (research.ku.dk)
Last updated