Materials on the legal, contractual, and IT aspects of research data use are now available.

VPC data stewards, in cooperation with Ernst & Young Baltic, have prepared practical materials on the use of protected data in research. The materials are intended for researchers, research institutions, and research support staff in situations where research requires the use of data whose transfer, processing, or storage is affected by legal, contractual, confidentiality, or information security requirements.

These issues are particularly important when research involves personal data, health data, information containing trade secrets, intellectual property objects, critical infrastructure data, or other data whose use requires both a clear legal basis and an agreement with the data provider, as well as appropriate technical and organisational security measures.

Legal and contractual aspects

The legal materials help researchers and research institutions assess which conditions should be defined before receiving and using research data, and how to include these conditions in a data use agreement, especially in cases when data provided by a different institution.

The materials provide practical support on the following issues:

• how to determine the legal basis for data use and understand the responsibilities of the data provider and the data recipient;
• how to define the purpose of data use, the types of data, and the processing activities so that the data request is clear and justified;
• how to address confidentiality, data use restrictions, access conditions, and data sharing with other parties in an agreement;
• how to adapt the terms of a data use agreement to different types of data, such as personal data, health data, trade secrets, or intellectual property objects;
• how to define the data retention period, deletion or return procedures, and other conditions after the research project has ended.

IT and secure data management aspects

The IT recommendations complement the legal and contractual materials by helping researchers understand how the requirements set out in agreements and by data providers can be implemented in practice throughout the research data management process.

The materials provide practical support on the following issues:

• how to assess the protection level of protected data and determine which technical and organisational requirements apply to specific data;
• how to choose appropriate IT solutions for the secure receipt, storage, processing, sharing, and publication of data;
• how to organise access rights so that data are available only to those who need them for research purposes;
• how to reduce the risks of unauthorised access, data leakage, uncontrolled copying, or inappropriate data storage;
• how to plan responses to security incidents and ensure that the management of protected data remains transparent throughout the research data lifecycle.

Available materials

• Legal aspects of research data;
• Key aspects of data use agreements;
• IT recommendations for the management of protected research data;
• Presentation on IT recommendations for the management of protected research data.

The materials were prepared within the framework of the project “Support for the Implementation of Open Science, Development of Solutions for Research Data Sharing, and Participation in the European Open Science Cloud (EOSC)” (No. 2.1.3.1.i.0/2/23/I/CFLA/002).