Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Research Data Management

Collecting personal data

When collecting personal data, you need to clarify the legal basis for processing personal data and provide sufficient, mandated information to the data subjects on the processing of their personal data.

For studies and thesis-writing by BSc/MSc/eMBA students, consent is usually used as the legal basis unless the student is a member of a research project where more senior researchers (PhD level or above) are involved (GDPR (point (a) of Article 6 (1)).

When collecting personal data, what BSc/MSc/eMBA students should do to comply with data protection laws includes:

  • (2) Fill in and submit the e-form The Study's Privacy Notice and provide all the mandated information in the Privacy notice to the respondents/informants/research participants/data subjects about the processing of their personal data to fulfil the information provision obligation and transparency requirement (GDPR, Art. 12-14).
    • After submitting the e-form, click "Save the completed form as a file." Edit the downloaded RTF file, so it can be suitable for your respondents .
    • After submission, this Privacy notice e-form also functions as the Record of data processing activities which fulfils the record-keeping accountability (GDPR, Art. 30).

 

For research work conducted by researchers including PhD students, the legal basis is usually scientific research carried out in the public interest (based on the Finnish Data Protection Act (1050/2018, Section 4) and GDPR (point (e) of Article 6 (1)).

When collecting personal data, what researchers should do to comply with good data management practices, data protection regulations, and research integrity includes:

  • (2) Fill in and submit the e-form The Research's Privacy Notice and provide all the mandated information in the Privacy notice to the research participants about the processing of their personal data to fulfil the information provision obligation and transparency requirement (GDPR, Art. 12-14).
    • After submitting the e-form, click "Save the completed form as a file." Edit the downloaded RTF file, so it can be suitable for your research participants.
    • After submission, this Privacy notice e-form also functions as the Record of data processing activities which fulfils the record-keeping accountability (GDPR, Art. 30).  

 

More detailed information, see 4. Clarify the legal basis for processing personal data and provide data subjects with sufficient, mandated information in the Guidelines and procedures of personal data processing in research and studies at Hanken.

Transcribing qualitative data

Hanken’s video platform Panopto can be used for transcribing research data, for both audio files and video files. The transcription is generated automatically by an AI service, which means that it is not perfect but using this service can significantly speed up transcription of research data. Hanken has made data management agreements with Panopto, so that you can use this service in accordance with the data security requirements and data protection regulations. Please note that you are nonetheless responsible for not sharing the research data in Panopto with anyone else.

Follow the instructions in the following PDF file carefully or watch the video "Transcribing research data with Panopto":

  •  Video: Transcribing research data with Panopto, by Mikaela Krohn:

Security instructions for handling recorded interviews

Recorded interviews are usually materials associated with the base information security level (restricted).

Exceptions to the above consist of:

  • Interviews whose content concerns a person's sensitive personal data, which means that the interviews are then classified as being on the increased information security level (confidential)
  • Interviews that deal with trade secrets are also classified as being on the increased information security level (confidential).
  • Cases where the interviewee has required a particularly high level of confidentiality.

For more information on information security levels, see the PDF file "Instructions for handling and storing data and documents on different information security levels" on the page of Information Management at Hanken.

The following instructions apply when recording interviews:

  • Recording with mobile phones
    • Recording with a mobile phone is allowed provided that the phone is in personal use and protected with a PIN, password, or biometric login.
    • Files on the base information security level are transferred via Hanken's OneDrive to the personal computer, or other appropriate storage medium.
    • Files on the increased information security level are transferred to your own computer via a USB cable.
       
  • Recording with dictaphones
    • Dictaphones usually lack security features such as PINs or passwords. A dictaphone containing interview content shaould therefore be handled with care so that it does not fall into the wrong hands. The materials should be transferred to another storage medium, e.g., OneDrive or your own computer's disc as soon as possible after the interview. The files should then be removed from the recorder.
       
  • Recording of teleconferences
    • Interviews on the base information security level can be recorded through a teleconference in Microsoft Teams. The conference shall be arranged through a Hanken user account. The recorded files are created directly in the cloud service and can then be transferred to other suitable storage media.

Using panel data

For surveys, you can also use respondents from participants' pools/panels (e.g., Amazon MTurk, Prolific Academic). If doing so, all the same principles for data processing and protection apply as for other sources from or about the respondents. Remember to obtain informed consent from the respondents and provide them with a Privacy notice with all the mandated information on the processing of their personal data. You can add the link to the Privacy notice on the cover letter or first page of the survey. See 4. Clarify the legal basis for processing personal data and provide data subjects with sufficient, mandated information.

Note that if the actual survey instrument that you use is not Hanken-provided Webropol (e.g., Qualtrics), you need to check with dpo@hanken.fi that there is a Data Processing Agreement (DPA) in place with the provider of the survey instrument.

Data formats and organizing

Research data exist in many different forms. It is recommended to use standard, interchangeable, and non-proprietary data formats to ensure data reusability. See File formats and Recommended formats by UK Data Service.

It is also recommended that data files are clearly named, well-organised, and version controlled throughout the research:

  • Create a brief and meaningful system for file names at the beginning of the project. Do not use the same name twice for data files.
  • Sensible file names and well-organised folder structures make it easier to find and keep track of data files for both others and yourself.
  • Keep the balance between shallow and deep folder hierarchy, so data files are fitly located and easily findable.
  • A clear folder system helps also in access control if you work with (sensitive) personal data or confidential data.
  • Version control makes it possible to return to an older version of a specific file.
  • Write a readme file to provide information about the data files to ensure that they can be interpreted correctly. See Metadata and data documentation.

Learn more about the best practices in naming and and structuring your data: