The goal is for everyone to understand that research data is to be managed in a secure and proper manner.
Without a good data management plan, the project risks breaking laws and agreements. Consequences may include having to return all assigned funds, fines, convictions and damage to both the researchers’ and HiOA’s reputation.
The data management plan must state how the research data will be collected, stored and shared. To classify the research data is the first step. This lays the foundation for when you later need to choose which technical solutions to use and indicates the different security measures required along the way.
Norwegian examples of data management plans
Data management plans for EU projects
Projects participating in the Horizon 2020 Open Research Data Pilot will be required to develop several versions of a Data Management Plan (DMP), in which they will specify what data will be kept for the longer term.
Other projects are invited to submit a Data Management Plan if it is relevant for their planned research.
The level of detail of the data management plan
HiOA as an institution is responsible for ensuring that research data is managed correctly.
However, as of today, clear guidelines are lacking for how detailed a data management plan should be.
Approvals from NSD and similar actors presuppose that the institution stays true to what has been promised in the application. If formulations about data management in the project are very detailed, an approval will be bound to this. At the same time, an approval of a general formulation may lack vital information about data protection requirements.
A project manager could for example get an approval from NSD on a data management plan that has a wording like "access to data is secured with passwords on their own server."
NSD then assumes that the data is stored in a sufficiently secure way without going into detail about how. The project manager then turns to the IT section to request more space on his home directory for storing the data. This way, IT is not able to detect whether the data is sensitive with strict security requirements. However, the risk of unknowingly breaking the law is present, so it is important to establish a good dialogue with the R&D administration and the IT section early on.
Contact the R&D administration at the faculties or email@example.com for more information about available technical solutions and practical assistance with data management plans for specific research projects.