Research Data Management

When you collect your data from your research participants, informing research participants about the processing of their personal data is a crucial part of the transparency principle laid down in the General Data Protection Regulation of the European Union (GDPR). In other words, research participants should obtain the information from you about how their personal data are being collected, used, stored, disseminated, or otherwise processed. More information, see Informing research participants about the processing of their personal data by the Finnish Social Science Data Archive (FSD).  

If you collect personal data, justify why you have the right to collect, handle, and preserve personal data:

• If data processing takes place in the EU (Finland), the GDPR applies and information on data processing should be provided.
• A basic principle regarding the collection and storage of personal data is the need for personal data in a study (scientific research). In other words, consent is not needed if general interest/scientific research is invoked as the basis for data processing.
• According to the main principle in the Personal Data Act (523/1999), personal data can be processed with the consent of the subject. See Content of the information by FSD about what information you need to provide to research participants about the processing of their personal data.
  • Researchers and doctoral students can modify Hanken's consent message template to inform your research participants when collecting personal data.
    • - Hanken's Consent message template for collecting personal data (.docx, in English, Swedish, Finnish in the same document)
  • BSc/MSc/eMBA students can use the different notes in the Record of data processing activities for students e-form and let the research participants know that "The research involves processing and storing of personal data, but it will be conducted according to Hanken's privacy policy."
• You do not need the consent of a person that you do not directly quote. But in your written paper, credit both the original and the secondary sources. This means you need to cite both the original and secondary sources in in-text citations within the paper, and cite only the secondary source in your reference list at the end of the paper.
• If the research participants have questions or requests regarding the handling of the personal data, the student/researcher (name, email address) should primarily be contacted. In case of complaints, the research participants can contact the Data Protection Officer of Hanken (dpo@hanken.fi).

Basically, there are two situations with different must-dos when collecting personal data:

• If the personal data are collected from research participants (for example, when the participant is interviewed, fills out a questionnaire, or is observed by audio/video recording in a performance or social interaction carried out by the participant), you need to provide your research participants the information about the processing of their personal data at the time when you are collecting/obtaining the data. You may provide the information, for instance, at the beginning of the interview or questionnaire.
• If the personal data are received from a source other than the research participant (for example, from other data controllers, publicly available sources, or other data subjects, or combing register data with your research data), research participants should be informed about the processing of their personal data within a reasonable period of time, however, no later than one month counting from the point when the personal data are collected/received by you.

See also the following section on Hanken's security instructions for recording interviews with mobile phones and dictaphones and interviews' content in teleconferences in the section below.

Note that in special situations, for example, if you collect data from children under 15 years old or other populations belonging to vulnerable groups, or your data collection exposes participants to certain kinds of sensitivities or risks, you need to request for an ethical review from Hanken's Research Ethics Committee. See Ethical review about the six types of studies that need an ethical review. Contact  Hanken's Research Integrity Advisor, Anu Helkkula (anu.helkkula@hanken.fi) for detailed advice.

Recorded interviews are usually materials associated with the base information security level (restricted).

Exceptions consist of:

• Interviews whose content concerns a person's sensitive personal data as defined in GDPR, which means that the interviews are then classified as being on the increased information security level (confidential). Sensitive personal data is by definition data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
• Interviews that deal with trade secrets are also classified as being on the increased information security level (confidential).
• Cases where the interviewee has required a particularly high level of confidentiality.

For more information on information security levels, see the PDF file Instructions for handling and storing data and documents on different information security levels on the page of Information Management at Hanken.

The following rules apply when recording interviews:

• Recording with mobile phones
  • Recording with a mobile phone is allowed provided that the phone is in personal use and protected with a PIN, password, or biometric login.
  • Files on the base information security level are transferred via Hanken's OneDrive to the personal computer, or other appropriate storage medium.
  • Files on the increased information security level are transferred to your own computer via a USB cable.
     
• Recording with dictaphones
  • Dictaphones usually lack security features such as PINs or passwords. A dictaphone containing interviews' content must therefore be handled with care so that it does not fall into the wrong hands. The materials should be transferred to another storage medium, e.g., OneDrive or your own computer's disc as soon as possible after the interview. The files should then be removed from the recorder.
     
• Recording of teleconferences
  • Interviews on the base information security level can be recorded through a teleconference in Microsoft Teams. The conference must be arranged through a Hanken user account. The recorded files are created directly in the cloud service and can then be transferred to other suitable storage media.

For surveys, you can also use respondents from participants pools/panels (e.g., Amazon MTurk, Prolific Academic). If doing so, all the same principles for data processing and protection apply as for other sources of respondents. Especially, remember to inform the respondents (on the cover letter or first page of the survey) about the purpose of data gathering and processing, about whether any direct identifier information is stored (stored at all, stored in separate file, or in the same file as the research data), and how and when all the data will be erased. Note that if the actual survey instrument that you use is not Hanken-provided Webropol (but e.g., Qualtrics), you have to check with dpo@hanken.fi that there is a Data Processing Agreement in place with the provider of the survey instrument.

Research data exist in many different forms. It is recommended to use standard, interchangeable and non-proprietary data formats to ensure data reusability. See File formats and Recommended formats by UK Data Service.

It is also recommended data files are clearly named, well organised, and version controlled throughout the research:

• Create a brief and meaningful system with file names at the beginning of the project. Do not use the same name twice for data files.
• Sensible file names and well-organised folder structures make it easier to find and keep track of data files for both others and yourself.
• Keep the balance between shallow and deep folder hierarchy so data files are fitly located and easily findable.
• A clear folder system helps also in access control if you work with (sensitive) personal data or confidential data.
• Version control makes it possible to return to an older version of a specific file.
• Write a readme file to provide information about the data files to ensure that they can be interpreted correctly. See Metadata and data documentation.

Learn more about the best practices in naming and and structuring your data:

• "Chapter 2. Documentation during research project" in Making a research project understandable - Guide for data documentation by Siiri Fuchs and Mari Elisa Kuusniemi at Helsinki University Library. 
• Files and File Formats by CSC
• Organizing data by UK Data Service