Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Research Data Management

Collecting personal data

For non-medical research involving human participants, researchers shall follow the ethical principles of research with human participants and ethical review in the human sciences in Finland. Finnish National Board on Research Integrity TENK guidelines 2019 (PDF). According to the guidelines, informed consent is a central ethical principle in research with human participants.

If informed consent is used as a legal basis for processing personal data, this consent needs to meet the requirements in the General Data Protection Regulation of the European Union (GDPR). Research participants should obtain the information from you about how their personal data are being collected, used, stored, disseminated, or otherwise processed.

More information, see:

If you collect personal data, justify why you have the right to collect, handle, and preserve personal data:

  • If data processing takes place in the EU (Finland), the GDPR applies and information on data processing should be provided.
  • A basic principle regarding the collection and storage of personal data is the need for personal data in a study (scientific research). In other words, consent is not needed if general interest/scientific research is invoked as the basis for data processing.
  • According to the main principle in the Personal Data Act (523/1999), personal data can be processed with the consent of the subject. See Content of the information by FSD about what information you need to provide to research participants about the processing of their personal data.
  • You do not need the consent of a person that you do not directly quote. But in your written paper, credit both the original and the secondary sources. This means you need to cite both the original and secondary sources in in-text citations within the paper, and cite only the secondary source in your reference list at the end of the paper.
  • If the research participants have questions or requests regarding the handling of the personal data, the student/researcher (name, email address) should primarily be contacted. In case of complaints, the research participants can contact the Data Protection Officer of Hanken (

Basically, there are two situations with different must-dos when collecting personal data:

  • If the personal data are collected from research participants (for example, when the participant is interviewed, fills out a questionnaire, or is observed by audio/video recording in a performance or social interaction carried out by the participant), you need to provide your research participants the information about the processing of their personal data at the time when you are collecting/obtaining the data. You may provide the information, for instance, at the beginning of the interview or questionnaire.
  • If the personal data are received from a source other than the research participant (for example, from other data controllers, publicly available sources or other data subjects, or combing register data with your research data), research participants should be informed about the processing of their personal data within a reasonable period of time, however, no later than one month counting from the point when the personal data are collected/received by you.

This applies when you collect secondary data from online forum/social media and you need to ensure that data processing is fair to all the data subjects involved, and that their fundamental rights are respected in compliance with ethical and privacy principles and relevant terms and conditions of the platform. When applicable, the DPO’s contact details ought to be given to the data subjects involved in the collection and processing of the data from online forum/social media.

See also the following section on Hanken's security instructions for recording interviews with mobile phones and dictaphones and interviews' content in teleconferences in the section below.

Note that in special situations, for example, if you collect data from children under 15 years old or other populations belonging to vulnerable groups, or your data collection exposes participants to certain kinds of sensitivities or risks, you need to request for an ethical review from Hanken's Research Ethics Committee. See Ethical review about the six types of studies that need an ethical review. Contact  Hanken's Research Integrity Advisor, Anu Helkkula ( for detailed advice.

Transcribing qualitative data

Hanken’s video platform Panopto can be used for transcribing research data, for both audio files and video files. The transcription is generated automatically by an AI service, which means that it is not perfect but using this service can significantly speed up transcription of research data. Hanken has made data management agreements with Panopto, so that you can use this service in accordance with the data security requirements and data protection regulations. Please note that you are nonetheless responsible for not sharing the research data with anyone else in Panopto.

Follow the instructions in the following PDF file carefully or watch the video "Transcribing research data with Panopto":

  •  Video: Transcribing research data with Panopto, by Mikaela Krohn

Security instructions for handling recorded interviews

Recorded interviews are usually materials associated with the base information security level (restricted).

Exceptions consist of:

  • Interviews whose content concerns a person's sensitive personal data as defined in GDPR, which means that the interviews are then classified as being on the increased information security level (confidential). Sensitive personal data is by definition data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
  • Interviews that deal with trade secrets are also classified as being on the increased information security level (confidential).
  • Cases where the interviewee has required a particularly high level of confidentiality.

For more information on information security levels, see the PDF file Instructions for handling and storing data and documents on different information security levels on the page of Information Management at Hanken.

The following rules apply when recording interviews:

  • Recording with mobile phones
    • Recording with a mobile phone is allowed provided that the phone is in personal use and protected with a PIN, password, or biometric login.
    • Files on the base information security level are transferred via Hanken's OneDrive to the personal computer, or other appropriate storage medium.
    • Files on the increased information security level are transferred to your own computer via a USB cable.
  • Recording with dictaphones
    • Dictaphones usually lack security features such as PINs or passwords. A dictaphone containing interviews' content must therefore be handled with care so that it does not fall into the wrong hands. The materials should be transferred to another storage medium, e.g., OneDrive or your own computer's disc as soon as possible after the interview. The files should then be removed from the recorder.
  • Recording of teleconferences
    • Interviews on the base information security level can be recorded through a teleconference in Microsoft Teams. The conference must be arranged through a Hanken user account. The recorded files are created directly in the cloud service and can then be transferred to other suitable storage media.

Using panel data

For surveys, you can also use respondents from participants pools/panels (e.g., Amazon MTurk, Prolific Academic). If doing so, all the same principles for data processing and protection apply as for other sources of respondents. Especially, remember to inform the respondents (on the cover letter or first page of the survey) about the purpose of data gathering and processing, about whether any direct identifier information is stored (stored at all, stored in separate file, or in the same file as the research data), and how and when all the data will be erased. Note that if the actual survey instrument that you use is not Hanken-provided Webropol (but e.g., Qualtrics), you have to check with that there is a Data Processing Agreement in place with the provider of the survey instrument.

Data formats and organizing

Research data exist in many different forms. It is recommended to use standard, interchangeable and non-proprietary data formats to ensure data reusability. See File formats and Recommended formats by UK Data Service.

It is also recommended data files are clearly named, well organised, and version controlled throughout the research:

  • Create a brief and meaningful system with file names at the beginning of the project. Do not use the same name twice for data files.
  • Sensible file names and well-organised folder structures make it easier to find and keep track of data files for both others and yourself.
  • Keep the balance between shallow and deep folder hierarchy so data files are fitly located and easily findable.
  • A clear folder system helps also in access control if you work with (sensitive) personal data or confidential data.
  • Version control makes it possible to return to an older version of a specific file.
  • Write a readme file to provide information about the data files to ensure that they can be interpreted correctly. See Metadata and data documentation.

Learn more about the best practices in naming and and structuring your data: