Research Data Management

When collecting personal data, you need to clarify the legal basis for processing personal data and provide sufficient, mandated information to the data subjects on the processing of their personal data.

For studies and thesis-writing by BSc/MSc/eMBA students, consent is usually used as the legal basis unless the student is a member of a research project where more senior researchers (PhD level or above) are involved (GDPR (point (a) of Article 6 (1)).

When collecting personal data, what BSc/MSc/eMBA students should do to comply with data protection laws includes:

• (1) Obtain data subjects' consent as the legal basis to collect and process their data.
  • Students can use Hanken's Consent to use and process personal data template to obtain consent.

• (2) Fill in and submit the e-form The Study's Privacy Notice and provide all the mandated information in the Privacy notice to the respondents/informants/research participants/data subjects about the processing of their personal data to fulfil the information provision obligation and transparency requirement (GDPR, Art. 12-14).
  • After submitting the e-form, click "Save the completed form as a file." Edit the downloaded RTF file, so it can be suitable for your respondents .
  • After submission, this Privacy notice e-form also functions as the Record of data processing activities which fulfils the record-keeping accountability (GDPR, Art. 30).

For research work conducted by researchers including PhD students, the legal basis is usually scientific research carried out in the public interest (based on the Finnish Data Protection Act (1050/2018, Section 4) and GDPR (point (e) of Article 6 (1)).

When collecting personal data, what researchers should do to comply with good data management practices, data protection regulations, and research integrity includes:

• (1) Obtain informed consent from the research participants, which is required by ethics, for example, TENK's guidelines.
  • Use Hanken's Informed consent template to obtain informed consent from the research participants.

• (2) Fill in and submit the e-form The Research's Privacy Notice and provide all the mandated information in the Privacy notice to the research participants about the processing of their personal data to fulfil the information provision obligation and transparency requirement (GDPR, Art. 12-14).
  • After submitting the e-form, click "Save the completed form as a file." Edit the downloaded RTF file, so it can be suitable for your research participants.
  • After submission, this Privacy notice e-form also functions as the Record of data processing activities which fulfils the record-keeping accountability (GDPR, Art. 30).  

More detailed information, see 4. Clarify the legal basis for processing personal data and provide data subjects with sufficient, mandated information in the Guidelines and procedures of personal data processing in research and studies at Hanken.

Hanken’s video platform Panopto can be used for transcribing research data, for both audio files and video files. The transcription is generated automatically by an AI service, which means that it is not perfect but using this service can significantly speed up transcription of research data. Hanken has made data management agreements with Panopto, so that you can use this service in accordance with the data security requirements and data protection regulations. Please note that you are nonetheless responsible for not sharing the research data in Panopto with anyone else.

Follow the instructions in the following PDF file carefully or watch the video "Transcribing research data with Panopto":

  •  Video: Transcribing research data with Panopto, by Mikaela Krohn:

Recorded interviews are usually materials associated with the base information security level (restricted).

Exceptions to the above consist of:

• Interviews whose content concerns a person's sensitive personal data, which means that the interviews are then classified as being on the increased information security level (confidential). 
• Interviews that deal with trade secrets are also classified as being on the increased information security level (confidential).
• Cases where the interviewee has required a particularly high level of confidentiality.

For more information on information security levels, see the PDF file "Instructions for handling and storing data and documents on different information security levels" on the page of Information Management at Hanken.

The following instructions apply when recording interviews:

• Recording with mobile phones
  • Recording with a mobile phone is allowed provided that the phone is in personal use and protected with a PIN, password, or biometric login.
  • Files on the base information security level are transferred via Hanken's OneDrive to the personal computer, or other appropriate storage medium.
  • Files on the increased information security level are transferred to your own computer via a USB cable.
     
• Recording with dictaphones
  • Dictaphones usually lack security features such as PINs or passwords. A dictaphone containing interview content shaould therefore be handled with care so that it does not fall into the wrong hands. The materials should be transferred to another storage medium, e.g., OneDrive or your own computer's disc as soon as possible after the interview. The files should then be removed from the recorder.
     
• Recording of teleconferences
  • Interviews on the base information security level can be recorded through a teleconference in Microsoft Teams. The conference shall be arranged through a Hanken user account. The recorded files are created directly in the cloud service and can then be transferred to other suitable storage media.

For surveys, you can also use respondents from participants' pools/panels (e.g., Amazon MTurk, Prolific Academic). If doing so, all the same principles for data processing and protection apply as for other sources from or about the respondents. Remember to obtain informed consent from the respondents and provide them with a Privacy notice with all the mandated information on the processing of their personal data. You can add the link to the Privacy notice on the cover letter or first page of the survey. See 4. Clarify the legal basis for processing personal data and provide data subjects with sufficient, mandated information.

Note that if the actual survey instrument that you use is not Hanken-provided Webropol (e.g., Qualtrics), you need to check with dpo@hanken.fi that there is a Data Processing Agreement (DPA) in place with the provider of the survey instrument.

Research data exist in many different forms. It is recommended to use standard, interchangeable, and non-proprietary data formats to ensure data reusability. See File formats and Recommended formats by UK Data Service.

It is also recommended that data files are clearly named, well-organised, and version controlled throughout the research:

• Create a brief and meaningful system for file names at the beginning of the project. Do not use the same name twice for data files.
• Sensible file names and well-organised folder structures make it easier to find and keep track of data files for both others and yourself.
• Keep the balance between shallow and deep folder hierarchy, so data files are fitly located and easily findable.
• A clear folder system helps also in access control if you work with (sensitive) personal data or confidential data.
• Version control makes it possible to return to an older version of a specific file.
• Write a readme file to provide information about the data files to ensure that they can be interpreted correctly. See Metadata and data documentation.

Learn more about the best practices in naming and and structuring your data:

• "Chapter 2. Documentation during research project" in Making a research project understandable - Guide for data documentation by Siiri Fuchs and Mari Elisa Kuusniemi at Helsinki University Library. 
• Files and File Formats by CSC.
• Format your data by UK Data Service.