Ethical and legal considerations are central to responsible research data management. This section outlines how to protect participants’ rights, comply with GDPR, and ensure your data can be shared safely and appropriately.
Anonymisation: Permanently removes identifiers so individuals cannot be re-identified.
Example: Deleting all personal information and aggregating results.
Pseudonymisation: Replaces identifiers with codes or pseudonyms, but data can still be re-identified if the key is available.
Example: Replacing participant names with ID numbers stored separately.
GDPR requires explicit, informed consent for the collection and processing of personal data.
Key principles:
Transparency – participants must know how data will be used.
Right to withdraw – consent can be withdrawn at any time.
Minimisation – only collect the data you need.
Link to SETU Data Protection Policy: SETU Data Protection
Clarify who owns the data: the researcher, collaborators, or the institution.
For collaborative projects, outline ownership in agreements at the start.
Respect copyright when reusing or building on third-party data.
Apply a licence to your dataset to define how it can be reused.
Common options:
CC BY – allows reuse with attribution.
CC0 – dedicates work to the public domain.
Open Data Commons – licences for databases.
Funders increasingly expect a clear licensing statement in DMPs.
Secure storage (encrypted, access-controlled).
Limit access to authorised team members only.
Seek advice from the Data Protection Officer (DPO) and Ethics Committee for projects involving sensitive or vulnerable participants.
✅ Have you obtained informed consent?
✅ Is personal data anonymised or pseudonymised where possible?
✅ Have you consulted GDPR and institutional policies?
✅ Is a licence applied to clarify reuse conditions?
✅ Do you know who owns your research data?