Skip to main content
Ethics & Governance
Wind turbines against a blue sky reflected in ground water

*links to internal site.

Research Data Management Policy

1. Context

1.1 Durham University recognises the value of research data as a key institutional asset which is at the core of delivering and evidencing research quality and integrity. The University recognises its responsibility to support and enable members of our community to manage this effectively. It is vital that robust research data management, open data policies and procedures are in place to ensure that research conducted by the institution meets the highest standards to comply with legislative, regulatory, audit, funding body, partner (stakeholder) and internal requirements.  The University is committed to managing this data throughout its lifecycle, in a manner compatible with the best interests of the institution and its researchers.

1.2 This policy underlines the University’s commitment to the Universities UK Concordats on open research data and research integrity, by highlighting the importance of` the management of research data to good governance and best practice.

1.3 Further to this, in line with many funders including UK Research and Innovation (UKRI), Horizon Europe and UK research charities commitment to open data and to ensuring that the outputs from research are freely accessible, the University requires research data to be managed efficiently and effectively to facilitate such use, sharing and publication as appropriate to ensure the maximum benefit is derived from any research undertaken under its auspices. 

2. Scope

2.1 This policy applies to any research data that is created and / or processed in the course of Research for which the University is the Sponsor or is otherwise responsible.  This policy applies to all members of the University conducting research, or involved in the creation, collection, or curation of research data. This includes all employees (including technical and other support staff), postgraduate research students and individuals undertaking work in the University's name (including persons with honorary positions). The policy does not usually apply to taught postgraduate or undergraduate students, except where the outcomes of research have been included in published research outputs. However, the University expects students to be encouraged to adhere to the principles of good practice in Research Data Management. 

2.2 The overarching principles in this policy also apply to data created and / or processed in the course of other activities in scope of the Work with Outside Bodies Policy, including Consultancy, Services for outside bodies, Research Commercialisation, and other Impact, Collaboration, Knowledge Exchange and Engagement Activities (see Work with Outside Bodies Policy, Appendix One for definitions).

2.3 Types of research data covered by this policy are set out in the Glossary below.

2.4 Administrative records arising from research projects are covered by the University's Records Management Policy* and support for these activities are provided by the University's Information Governance Unit.

2.5 Where the management or use of data is subject to specific contractual terms (which may be more restrictive, e.g. data sharing or access agreements), these will take precedence over the general requirements of this policy.

3. Aims and Objectives

3.1 This purpose of this policy is to provide a framework for best practice in the management of research data at the University.

3.2 In achieving this aim, the policy has the following specific objectives:

  1. To embed best practice in the management of research data - including but not limited to the appropriate use of data management plans - in research practice and procedures.

  2. To clearly set down where responsibilities around the management of research data assets reside.

  3. To ensure that valuable research data assets are stored, preserved, reviewed and disposed of in accordance with all legal, ethical and contractual requirements.

  4. To reduce the impact and risk presented by the mismanagement of research data, including both unintended loss and/or disclosure of valuable or sensitive research data.

  5. To support and encourage the open publication of research data, where appropriate or where required, whilst recognising and adhering to all ethical, legal or commercial obligations relating to the sharing of research data.

  6. To ensure that published research data adheres to the F.A.I.R. Data Principles - being Findable, Accessible, Interoperable and Reusable.

  7. To ensure that the University, and its staff and students, can comply fully with the requirements of specific funding bodies, where these apply.

  8. To provide confidence for researchers, those we collaborate with, the funders of our research and all other stakeholders that the University has a robust approach to ensuring best practice in the management and sharing of research data.

4. Governance of Research Data

4.1 The Research Data Management Policy and the services it describes provide support and guidance for researchers and support staff to allow them to create and manage data in a manner compliant with the obligations placed on them.

4.2 Senate has ultimate responsibility for Research Data Management in the University. Practical responsibility for research data is devolved to the Research Data Service, which reports to Research Committee (with dotted line reporting to Education Committee). 

4.3 Some of the research data may include personal or identifiable information which must be handled in line with the Data Protection Act 2018. Support and guidance on what you need to consider can be accessed through the University Information Governance Unit*.

4.4 The Research Data Service is the University single point of contact, expertise and support for researchers in relation to research data. Enquiries should be directed via the Research Data Manager: research.data@durham.ac.uk.

5. Data Management Responsibilities

5.1 Effective Research Data Management covers a range of different areas of activity where responsibility and provision of service may vary across the University, and accounting for disciplinary differences.

5.2 Operational responsibility for effective data management lies with project leads/principal investigators (PIs). However, all individuals, including postgraduate and undergraduate students, have a responsibility for effective management of the data they create, process, or manage.

5.3 PIs may delegate the responsibilities outlined in this policy within their project team, provided that this is clearly documented, and the delegates are capable of discharging their responsibilities.

5.4 In the case of collaborative projects, if the Principal Investigator is based elsewhere, the lead researcher at the University must take responsibility for all data generated here.

5.5 Principal Investigators (PIs) are responsible for:

  1. Ensuring that they and their research team are aware of any funder data management requirements and are responsible for making themselves familiar with and adhering to legislation (including data protection and trusted research), contractual obligations and funder policies governing their research data. 

  2. Preparing and maintaining a clear research data management plan, detailing how project data will be handled throughout the data lifecycle. The University’s standard format should be used (unless the funder had mandated the use of their own). 

  3. Ensuring that any ethical, IP, contractual or data licensing and sharing issues have been considered and appropriate agreements put in place before work begins.  This includes considerations around the ethical used of secondary data.

  4. Where there is the use of personal data ensure that participants are aware, at the time of consent to participate, how the data will be anonymised, used and stored including the potential for its use in future research.

  5. Ensuring that data security and storage requirements, considering requirements for archiving and long-term curation, have been costed and secured where these are beyond what the University provides as standard.

  6. All data created or processed resulting from research activity is stored and managed in compliance with this policy and the research data management plan.

  7. Research data is:

    1. registered with the University irrespective of where it is stored;

    2. stored securely in a format appropriate to the data and supporting interoperability;

    3. named or labelled in a manner that enables identification (metadata), discovery and (if appropriate) re-use; 

    4. backed up / protected in accordance with institutional policy and requirements for preservation.

  8. Identifying and preserving all their research data (whether shareable or not) that would be required to validate published research findings in the future. 

  9. Planning for the curation and management of their data after project completion.

  10. Making the University aware of any requirement for variation to the standard retention period at the time of deposit.

  11. Providing an accurate and approved date for destruction to the University.

  12. Ensuring that data held in any non-University repository is destroyed according to the agreed schedule and updating the University data catalogue with the date of destruction.

  13. Publishing and sharing data where this is ethical, legal and appropriate.

5.5.1 When publishing sharable research data, Principal Investigators are responsible for:

  1. Ensuring that the metadata for data underpinning published research findings is accessible online in a repository no later than the first date of publication of the output (of whatever type), unless variation is required by contract, making data accessible where appropriate. Advice on choosing a repository is available from the Library.

  2. Registering the location of their research data with the University.

  3. Ensuring any datasets published are accompanied with a README file. A README file provides user documentation about a data file and is intended to help ensure that the data can be correctly interpreted, by yourself at a later date or by others when sharing or publishing data.

  4. Including data access statements within publications detailing how and on what terms data may be accessed, including acknowledgement of data collectors and owners as appropriate.

  5. Preparing data to ensure anonymity of any participants prior to data release.

  6. If you use non-Durham discipline repositories for research with human participants you may be asked to provide copies of the information sheets, privacy notices and consent forms alongside the anonymised data.

  7. Accessing support via the Research Data Service when you are not sure if data can be made available or if the data is restricted or there are concerns about a data access request. If you have concerns about appropriate sharing of datasets you can contact the Research Data Service for advice to consider whether it is appropriate to share closed data with another organisation or if there are conflicts around dataset use.

5.6 The University and specified departments are responsible for:

  1. Providing best practice advice on data preservation and curation.

  2. Monitoring and developing policy to support best practice in Research Data Management.

5.6.1 Library

  1. Providing an Institutional Data Management Plan template and supporting guidance.

  2. Providing advice, support and training on:

    1. the creation of an effective data management plan.

    2. the storage, labelling, management and preservation of data.

    3. metadata standards to support the discovery, identification and re-use of research data.

    4. the sharing and publication of research data.

  3. Providing advice and template data access statements.

5.6.2 Research & Innovation Services*

  1. Advising appropriate staff time is costed in grant applications to manage data during the project.

  2. Advising data storage requirements are appropriately costed and included in the grant application Providing guidance on funder Terms and Conditions and expectations related to research data management.

  3. Training and guidance around the ethical responsibilities in managing research.

  4. Negotiating and executing appropriate data sharing and legal agreements in collaboration with the University Information Governance Unit.

  5. Providing advice on grant transfers and associated data in and out the University.

5.6.3 Computing and Information Services

  1. Providing a clear costing framework for research data.

  2. Facilitating the secure storage of data through the provision of access to appropriate data storage.

  3. Providing a data catalogue for the registration of data location.

  4. Providing technical advice on transfer of data in and out of the University

5.6.4 Library and Computing and Information Services

  1. Providing an institutional research data repository

6. Ownership of Research Data

6.1 Ownership of research data is defined in the University’s Intellectual Property Policy*.

6.2 If researchers/employees leave the University, data and records relating to any research conducted under the auspices of the University remain the property of the University, unless otherwise vested by contract. Remaining data files should be assigned a data custodian responsible for the management of the data.

6.3 When a researcher leaves Durham, the University will continue to own the IP rights to any research data created by the researcher while employed at Durham, but will normally grant a licence to allow the researcher to publish the research and to use the research results in future research and teaching, subject to any contractual or ethical restrictions on the use of the data.  Durham University should be acknowledged in publications arising from the data generated while the researcher was employed by the University. Any future use of the data should be aligned with expectations in the UK Concordat on Research Integrity and the Durham IP policy.

6.4 New employees bringing with them existing research contracts are required to comply with the University’s policy on research data and records from the commencement of their employment. 

7. Procedures and Guidance

7.1 All researchers need to be aware of the following for their research, and to allow the PI and delegated persons to meet their responsibilities:

7.2 Data Management Planning

7.2.1 Consideration should be given to appropriate arrangements for managing project data, including appropriate procedures for collection, storage, use, re-use, access, retention and eventual destruction.  This will take the form of a data management plan. Templates are available in DMPonline, and advice on preparing a DMP can be obtained from research.data@durham.ac.uk.

7.2.2 Some research funders mandate the use of a Data Management Plan, and where mandated or recommended the expectation and best practice is that a DMP is reviewed and updated during the lifetime of a research project.

7.3 Data Security and the Collection of Personal Research Data

7.3.1 All research data should be managed in line with the University’s Information Security Policy* unless funding terms or ethical requirements require specific restricted requirements.

7.3.2 Where the collection of research data may include personal data, this must be handled in line with the Data Protection Act 2018. Any research project which aims to collect and use personal data would usually also be covered by the University’s Research Integrity Policy and Code of Good Practice. Support and guidance on what you need to consider can be accessed through the University Information Governance Unit*.

7.3.3 Privacy by design should be in place as part of the project planning and data management to protect any personal data collected, which at a minimum will include (i) the informed consent of identifiable individuals over how that data will be stored, preserved and where applicable shared, and (ii) provision to store the data in a fully anonymised form that protects the confidentiality of individuals. The Information Governance Unit provides guidance on Anonymisation of personal data*.

7.4 Storage of Research Data

7.4.1 All project data and records (whether digital or non-digital) should be:

  1. Accurate, complete, authentic and reliable;

  2. Held (and shared) in a manner compatible with consent and permissions;

  3. Stored with adequate metadata and/or documentation to ensure it remains identifiable, retrievable and re-usable.

  4. Stored securely and protected from loss, in line with applicable information security standards;

  5. Kept in a manner compliant with the project’s legal, ethical and funding obligations;

  6. Managed and Preserved in a manner that facilitates reproduction and re-use, including conversion to an appropriate electronic format to support long term preservation and interoperability (if this can reasonably be achieved).

7.5 Sharing of Research Data

7.5.1 Research data should be deposited in an appropriate repository before publication of related findings, with appropriate metadata. Wherever possible, data should be published in line with FAIR Data Principles (Findable, Accessible, Interoperable and Reproducible), with the general principle being that research data should be ‘as open as possible, as closed as necessary.’ This should include:

  1. the use of appropriate Persistent Identifiers (PIDs), including but not limited to Digital Object Identifiers (DOIs), ORCID and Funder and/or Grant Identifiers.

  2. publication under an appropriate open licence to facilitate citation, appropriate credit and attribution and clearly indicate terms of reuse.

7.5.2 It is important that the metadata is open (subject to funder terms and conditions) even if the datasets themselves cannot be made freely available.

7.5.3 Data should remain accessible to the project team and where appropriate their collaborators and funders for the duration of its archive period. The University also maintains a right to access data for the purposes of audit and verification. 

7.5.4 Researchers are encouraged to consider the extent or manner in which Research data may be made more widely available where this is deemed to be of value to the University, for example in fulfilling funder requirements or extending the reach or impact of the Research. This must take into account any ethical (including consent, privacy and confidentiality) or contractual (including IP, legal, regulatory or funding) considerations precluding its release. Data collectors and / or owners must be appropriately acknowledged in any re-use of data.

7.5.5 Where data is supplementary to a publication (e.g. a research article), researchers should usually ensure that the publication includes a clear data access statement indicating if and how a reader might access that data, whether this has been published or not. Some funders require a data access statement is included in every article, even where there is no separate supplementary research data (in which case the statement should clearly inform the reader that all relevant data is already included within the publication).  Further information is available from the Library.

7.6 Retention of Research Data

7.6.1 All source Research data should be held for 10 years from the publication date of the Research results (in the case of data supporting a publication), the end of the project (in the case of funded project data) or the end of active data collection (in the case of other data). The University may set a different retention period if any of the following apply:

  1. the data is governed by a contract or ethical consideration which stipulates a different retention period;

  2. the University requires retention of the data for a different period;

  3. the research underpins a patent or other commercial output;

  4. the data is unreproducible or has other long-term value.

7.7 Disposal and Destruction of Research Data

7.7.1 The destruction of data shall be undertaken in accordance with the data management plan, the sensitivity of the data concerned, and current best practice for the destruction of data.

7.7.2 Metadata about the data asset shall include the date and reason of data deletion and shall not be deleted.

8. Compliance

8.1 Failure to implement good data management may expose researchers to funder sanction and / or to research misconduct allegations, which will be investigated in line with the University’s research misconduct procedures. More generally, failure to comply with the requirements of this policy may be regarded as a disciplinary matter and subject to the University’s disciplinary procedures.

9. Glossary

Term Definition
Active Data Data created during the active phase of a research project.  Typically active data is shared by researchers working in collaboration.  (Source: S Jones, Digital Curation Centre).
Data Management Plan (DMP) A living document, ideally 8-10 pages in length, written by a researcher and specifying the research data that will be created during a research project, together with information on how it can be accessed and utilised.  Not a contract.  (Source: M Donnelly, Digital Curation Centre).
Data Repository A system or service where researchers can deposit their research data and obtain a DOI.  Three types of data repository exist:  institutional, multi-disciplinary and subject-specific.  A repository has access controls so that data may be open, restricted or closed.
Digital Object Identifier (DOI)

A unique code preferred by publishers in the identification and exchange of the content of a digital object, such as a journal article, Web document, or other item of intellectual property. The DOI consists of two parts: a prefix assigned to each publisher by the administrative DOI agency and a suffix assigned by the publisher that may be any code the publisher chooses. DOIs and their corresponding URLs are registered in a central DOI directory that functions as a routing system.

The DOI is persistent, meaning that the identification of a digital object does not change even if ownership of or rights in the entity are transferred. It is also actionable, meaning that clicking on it in a Web browser display will redirect the user to the content. The DOI is also interoperable, designed to function in past, present, and future digital technologies. The registration and resolver system for the DOI is run by the International DOI Foundation (IDF). CrossRef is a collaborative citation linking service that uses the DOI.  Click to learn more about the DOI.  (Source:  Reitz, Joan M.  Online Dictionary for Library and Information Science.  Libraries Unlimited, 2014.)
Digital Preservation Digital preservation refers to the series of managed activities necessary to ensure continued access to digital materials for as long as necessary. Furthermore it refers to all of the actions required to maintain access to digital materials beyond the limits of media failure or technological and organisational change. Those materials may be records created during the day-to-day business of an organisation; "born-digital" materials created for a specific purpose (e.g. research or teaching resources); or the products of digitisation projects.  (Source:  Digital Preservation Handbook. 2nd Edition,  Digital Preservation Coalition, 2015.)
FAIR Data Principles The fifteen F.A.I.R. data principles aim to increase the findability, accessibility, interoperability and reusability of research data.  They were published in Nature’s Scientific data in 2016.
Data Protection Act 2018 The Data Protection Act 2018 (c. 12) is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998. This act controls how your personal information is used by organisations, businesses, or the government.
Metadata Literally, "data about data." Structured information describing information resources/objects for a variety of purposes.  Metadata has been categorized as descriptive, structural, and administrative. Descriptive metadata facilitates indexing, discovery, identification, and selection. Structural metadata describes the internal structure of complex information resources. Administrative metadata aids in the management of resources and may include rights management metadata, preservation metadata, and technical metadata describing the physical characteristics of a resource.  (Source: Reitz, Joan M.  Online Dictionary for Library and Information Science.  Libraries Unlimited, 2014.)
Open Data Open data are research data typically published in a data repository such that they are freely available without access charges or other barriers. Open data may be re-used subject to the terms and conditions specified in the licence.
ORCID identifier A persistent digital identifier that identifies a unique researcher/ contributor.  Also supports automated linkages among a researcher's professional activities.  An ORCID identifier and its connections are stored in the ORCID Registry, in an account owned and managed by an individual researcher.  ORCID is the name of the organisation which manages the identifiers and it stands for Open Researcher and Contributor ID.  (Source: ORCID web site)
Personal Data Personal data is information that relates to an identified or identifiable individual.  GDPR applies to this type of data.  Information about a deceased person does not constitute personal data and therefore is not subject to GDPR.
Research

Research is defined by the Frascati definition:

Research and experimental development (R&D) comprise creative work undertaken on a systematic basis in order to increase the stock of knowledge, including knowledge of man, culture and society, and the use of this stock of knowledge to devise new applications.  (See Work with Outside Bodies Policy, Appendix 1* for additional detail on activity definitions).
Research Data

Data that are collected, observed, generated, created or obtained from commercial, government or other sources, for subsequent analysis and synthesis to produce original research results.

For the purposes of this policy this includes data, information and records created, received, and maintained during research activities, in any format whether physical and electronic. These might be quantitative information or qualitative statements collected by researchers in the course of their work by experimentation, observation, modelling, interview or other methods, or information derived from existing evidence. Data may be raw or primary (e.g. direct from measurement or collection) or derived from primary data for subsequent analysis or interpretation (e.g. cleaned up or as an extract from a larger data set) or derived from existing sources where the rights may be held by others. 

Data may include statistics, instrument measurements, collections of digital images, sound or video recordings, transcripts of interviews, survey data and fieldwork observations with appropriate annotations, an interpretation, an artwork, archives, found objects, published texts or manuscripts, simulation data, models & software, slides, physical artefacts, specimens, samples, questionnaires, sketches, diaries, lab notebooks, social media data, etc.
Secondary and third-party data This is data which already exists and has not been generated specifically in a project. Where this is generated or owned by other organization this is third party data.
Sponsor The sponsor is the individual, company, institution or organisation, which takes on ultimate responsibility for the initiation, management (or arranging the initiation and management) of and/or financing (or arranging the financing) for that research.

10. Related Information

Version Control

Approval Date: 4th February 2025
Approved by: Senate

Contact for further information: research.policy@durham.ac.uk