University and legal requirements
Guidance on University policy around research data management, as well as the legal requirements with which you should comply when using, creating and sharing research data.
Research data management is a requirement for researchers at the University, as well as a condition of many funders and publishers.
There are also legal requirements with which you should comply when using, creating and sharing research data.
University policy
The University of Sheffield maintains a Research Data Management Policy as part of its Good Research & Innovation Practices (GRIP) Policy. The key points are:
-
All researchers (staff and students) are responsible for looking after the data they collect and analyse, and overall responsibility lies with the lead researcher or supervisor.
-
All research proposals should have a data management plan.
-
Unless otherwise specified by a contract or the terms of a grant, data generated by research projects are the property of the University of Sheffield.
You should also refer to the University’s Records Retention Schedule when deciding which data to retain and dispose of.
Strategic leadership for the University’s Research Data Management Policy is provided by the Open Research Advisory Group.
Legal requirements
Intellectual property
Rights to intellectual property (IP) created by University employees are generally owned by the University. When creating data, however, you must consider the IP rights of all stakeholders involved, including research partners, collaborators and funders.
For further information, see Research, Partnerships and Innovation.
Copyright
When using existing data sources, you should always check who owns the copyright and the conditions under which you can reuse the data.
For further information, see our copyright hub.
Data licensing
All published research data should be licensed to show what users may or may not do with it. Licences, or waivers, are granted by the IPR holder, who should be established from the outset of the project.
Data repositories indicate which licences can be used for deposited data, from Creative Commons to more restrictive ones which may require permission for reuse.
For further information, see How to license research data (DCC).
Ethics approval and consent
It may not be possible to share, or even collect, personal or sensitive data unless specific consent is obtained from participants. It may, however, be possible to anonymise some data in order to make it available.
The University provides detailed guidelines relating to this area of research integrity and ethics.
GDPR and data protection
The General Data Protection Regulation (GDPR) gives individuals the right to know what information is held about them, while ensuring this information is handled properly. Researchers must adhere to data protection requirements when sharing or managing research data.
For further information, see GDPR and data protection, and also the University's Information Classification Scheme, which outlines potential data protection risks.
Freedom of information (FOI)
As the University is a publicly funded organisation, any recorded information held, including research data, may be subject to FOI requests for access.
If you object to the release of your data, for example on the grounds of confidentiality, you should contact the FOI Unit (staff only link).
Commercial confidentiality
Data obtained from a commercial partner, or licensed from a provider, may be subject to a confidentiality or collaboration agreement. This may prevent data sharing or place restrictions on how data may be used.
You should be aware if this is the case, but check with your supervisor if in doubt, or contact Research, Partnerships and Innovation.
Export control legislation
Export controls are measures imposed by the government to regulate the transfer of goods – including data – to other states.
These controls apply to items on the UK Strategic Export Control Lists, where there are end-use or end-user concerns, and when destinations are subject to sanctions or other restrictions. For example, applied research that could be misused for military purposes would be considered particularly high risk.
You should read the information provided by Research, Partnerships and Innovation (staff only link) before making data available to any organisations or individuals outside the UK and email them at duediligence@sheffield.ac.uk with any queries.
University Principles
Generative AI
The University provides access to Google Gemini (previously called Google Bard) to all staff and students to use, and is the preferred GenAI of choice where possible. The University also has guiding principles, for both staff and students, on the use of GenAI in general.
With regard to research data, the three main elements you should be aware of are;
- Not to input any personal data into AI tools, recognising the potential ways in which the companies developing the tools may access and use this data.
- Not to input any commercially or research sensitive data, or information provided under non-disclosure agreements into AI tools, recognising the dangers of third party access to such information.
- The implications and limitations of putting research data for analysis purposes into these tools.
There is also guidance around GenAI and copyright provided by the University.
For further information, the European Commission has created guidelines for responsible use of generative AI in research, which also include a useful and accessible factsheet.
For further information, contact rdm@sheffield.ac.uk.