Data management

Collecting personal data

When collecting personal data, it is important to inform your research participant of how their data is processed. This is a crucial part of the principle of transparency as set out in the General Data Protection Regulation of the European Union (GDPR). Research participants should obtain the information from you about how their personal data are being collected, used, stored, disseminated, or otherwise processed. For more information see Informing research participants about the processing of their personal data by Finnish Social Science Data Archive (FSD).

You need consent when quoting a person directly. In your written paper, credit both the original and the secondary sources. This means you need to cite both the original and secondary sources in in-text citations within the paper, and cite only the secondary source in your reference list at the end of the paper.

Proceed as follows when collecting personal data:

• If the personal data are collected from research participants (for example, when the participant is interviewed, fills out a questionnaire, or is observed by audio/video recording in a performance or social interaction carried out by the participant), you need to provide your research participants the information about the processing of their personal data at the time when you are collecting/obtaining the data. You may provide the information, for instance, at the beginning of the interview or questionnaire.
• If the personal data are received from a source other than the research participant (for example, from other data controllers, publicly available sources or other data subjects, or combing register data with your research data), research participants should be informed about the processing of their personal data within a reasonable period of time, however, no later than one month counting from the point when the personal data are collected/received by you.

This applies when you collect secondary data from online forum/social media and you need to ensure that data processing is fair to all the data subjects involved, and that their fundamental rights are respected in compliance with ethical and privacy principles and relevant terms and conditions of the platform. When applicable, the DPO’s contact details ought to be given to the data subjects involved in the collection and processing of the data from online forum/social media.

Give your/the researcher's name and email address to the research participants in case they have any questions. In case of complaints, they can contact the Data Protection Officer of Arcada dataprotection@arcada.fi.

Templates:

Participant Consent Form

Participant Information Sheet

Security instructions for handling recorded interviews

Recorded interviews are usually materials associated with the base information security level (restricted).

Increased security level (confidential) is required:

• when interviews concern a person's sensitive personal data, such as data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
• when interviews deal with trade secrets.
• when the interviewee has required a particularly high level of confidentiality.

The following rules apply when recording interviews:

• Recording with mobile phones
  • Recording with a mobile phone is allowed provided that the phone is in personal use and protected with a PIN, password, or biometric login.
  • Files on the base information security level are transferred via Arcada's OneDrive to the personal computer, or other appropriate storage medium.
  • Files on the increased information security level are transferred to your own computer via a USB cable
• Recording with dictaphones
  • Dictaphones usually lack security features such as PINs or passwords. A dictaphone containing interviews' content must therefore be handled with care so that it does not fall into the wrong hands. The materials should be transferred to another storage medium, e.g., OneDrive or your own computer's disc as soon as possible after the interview. The files should then be removed from the recorder.
• Recording of teleconferences
  • Interviews on the base information security level can be recorded through a teleconference in Microsoft Teams. The conference must be arranged through an Arcada user account. The recorded files are created directly in the cloud service and can then be transferred to other suitable storage media.

Data formats and organizing

Research data exist in many different forms. It is recommended to use standard, interchangeable and non-proprietary data formats to ensure data reusability.

Data files ought to be named clearly, well organized, and version controlled throughout the research:

• Create a brief and meaningful system with file names at the beginning of the project. Do not use the same name twice for data files.
• Sensible file names and well-organized folder structures make it easier to find and keep track of data files for both others and yourself.
• Keep the balance between shallow and deep folder hierarchy so data files are properly located and easily findable.
• A clear folder system helps also in access control if you work with (sensitive) personal data or confidential data.
• Version control makes it possible to return to an older version of a specific file.
• Write a readme file to provide information about the data files to ensure that they can be interpreted correctly.

Learn more about the best practices in naming and structuring your data:

• "Chapter 2. Documentation during research project" in Making a research project understandable - Guide for data documentation, by Siiri Fuchs and Mari Elisa Kuusniemi at Helsinki University Library
• Files and File Formats by CSC
• Format your data by UK Data Service
• File formats by UK Data Service
• Recommended formats by UK Data Service