Good planning is vital for reducing the risk of data processing errors. The greatest risk is associated with the start-up phase (collection, conversion, encryption and transmission) before the data is stored on a well-secured processing solution.
Input and advice early in the planning phase is important, especially when it comes to data management / processing.
Contents
- Privacy and ethics in research
- National data policy for research data management
- Management of research data and data processing at OsloMet
- Help for strategic planning of institutional data
- Data management plan (DMP)
- Find, gain access to, collect and store research data
- Statistical data
- Data processor agreement
- Transferring research data
- Long-term storage, deletion and anonymisation of research data
1. Privacy and ethics in research
- NSD's newsletter about the most important changes in new legislation (GDPR) for researchers and students (in Norwegian only)
- OsloMet's guidelines for privacy in research.
- See the thematic overview of methods for different research fields at the Norwegian centre for research data (nsd.no).
- The research topic determines the procedures for methodology and ethical guidelines. See research ethics, responsibility distribution and guidelines at OsloMet.
- Consent statements ad information letters (guidelines, templates, forms).
- Confidentiality statements.
2. National data policy for research data processing
The Research Council has adopted a policy and guidelines for open access to publicly funded research data.
"The main principle in the guidelines is clear: Research data must be shared. Research data must "ultimately [...] be available to relevant users, under the same conditions, at the lowest cost. The fact that the research council now clarifies its policy through guidelines for open access and data sharing is very important for the work of building national research data archives and common data services for Norwegian research. "(From "Research data must be shared", nsd.no)
The new legislation for privacy takes effect from May 2018 (datatilsynet.no).
3. Management of research data and data processing at OsloMet
How research data is managed in concrete terms depends largely on the individual research project.
It is critical that research data is managed correctly and in compliance with laws and regulations.
Data belonging to a given institution may be reserved for the institution's employees, or shared with other researchers under certain conditions.
It is important to have a good planning to reduce the risk of wrong data management. The greatest risk is associated with the start-up phase (collection, conversion, encryption and transmission) before data is stored on a well-secured storage site.
Violation of guidelines and laws for research data management may result in conviction, fines and damaged reputation for the researchers and OsloMet.
Input and counseling early in the planning phase is important, especially when it comes to data management / processing.
Contact fou-teknisk@oslomet.no to discuss data management in as early stage as possible in potential and initiated projects.
All must go through a risk and value assessment upon start-up.
4. Help for strategic planning of institutional data
- Choosing the right electronic tools and storage sites for research data.
- All projects that deal with sensitive data must use the solution TSD 2.0 Service for sensitive data.
Discipline-specific guidelines
Best practices depend on the field of research. The faculty of health sciences has different guidelines for data management than the faculty of social science.
Medical and health research projects, general research biobanks and exemption from the duty of confidentiality for other types of research must be pre-approved by REK.
The R&D advisor at your faculty or centre will be able to advise about relevant guidelines for your specific research project.
Contact the R&D advisors at the faculties and centres.
5. Data Management plan (DPM)
The data management plan must state how the research data will be collected, stored and shared. Data management plans vary in range and level of detail depending on the specific research project and according to what the different financiers require.
See examples on procedures for data management plans for Norwegian research projects and EU projects.
6. Find, gain access to, collect and store research data
Find and gain access to reuse research data
The Norwegian centre for research data (NSD) has opened available data sets for personal data, regional data, institutional data, data about the political system and portal for educational research.
The Norwegian Institute for Public Health provides data for research and analysis. Here you will find an overview of health records, health surveys and biobanks as well as practical information about the application process.
Statistics Norway (SSB) has made an overview of data sets which also states who may order data, which authority may grant exemption from the duty of confidentiality and the legal basis for the duty of confidentiality.
For access to data from Statistics Norway (SSB), go to its website Data for research. It shows what you need to do to borrow data. Statistics Norway grants microdata to research projects and has data relating to persons, businesses and enterprises.
- Data collection.
- Anonymised or de-identified data.
- Microdata / register data to research projects (microdata.no).
- Access to data from other organisations.
- Access to confidential information.
- Physically collecting and storing research data.
- Risk assessment (ROS) and value assessment
- Choosing the right electronic tools and storage sites for research data.
- TSD 2.0 Service for sensitive data - apply for access and see the conditions for use at OsloMet.
- Managing audio and video recordings in research. Audio and video recordings may be highly personally identifiable. The more sensitive the information, the higher the level of security must be.
7. Statistical data
- SPSS, a tool for statistical analysis, data management and documentation.
- FoU-support statistic and method (in Norwegian only).
- Statistical support at the Faculty of health sciences.
8. Data processor agreement
The UH-sector has made a proposal for data processing agreement under new privacy legislation (GDPR, which will enter into force on 1 July 2018). Here is an engelish version too. This data processor agreement template is to be used, but has to be customized in each case. There is also made a checklist for data processing agreements (in Norwegian only). The checklist can be used for the quality assurance of data processing agreements offered by providers of cloud services or other types of online services.
A data processor agreement is an important legal document that must be in place as early as possible. Keep in mind that project participants such as interpreters, transcription assistants and research assistants are considered as data processors, if they are from outside the institution, and must consequently sign OsloMet's data processor agreement on how personal data should be processed. The Data processing Agreement must be filed in P360. See the document management routine (in Norwegian only) and The Norwegian Data Protection Authority's guidelines for data processor agreement (in Norwegian only). Case number must be communicated to the Data Protection Ingridj@oslomet.no.
9. Transferring research data
- In Norway: Transferring research data to other organisations in Norway, procedures and step by step.
- Abroad: Transferring research data abroad, procedures and step by step.