NCN to DMP guidelines

Guideline of National Science Centre for Data Management Plan

NCN understands "data" to be both collected, unprocessed data as well as analysed, generated data. This definition covers all forms are conceivable; digital and non-digital (for example samples, completed questionnaires, sound recordings, etc.). 

1.1.  How will new data be collected or produced and/or how will existing data be reused?

  • This section should include a description of the context of the research.
  • How will new data be collected? Standards, methods, software.
  • What kinds of already existing data you will use? Own, held by a third party?
  • What quality assurance processes will you use? Calibration processes, repeated samples or measurements, data recording and capture standards, usage of controlled vocabularies, data entry validation, data peer review, etc. 
  • How will you organize your files and handle versioning?

1.2. What data (for example the kinds, formats, and volumes) will be collected or produced?

  • What type, format and volume of data will you collect, generate or reuse?
  • What volume of data will you generate? 
  • Give details on the data format (preference to open and standard formats).

2.1. What metadata and documentation (for example methodology or data collection and way of organising data) will accompany data?

  • What metadata will the data be described with?

Metadata are: title of project, author(s) (with ID e.g. ORCID number), year, year of creation, keywords, brief description, discipline, funding agency, licence, relted publication.

  • What international standards or schemes (Dublin Core, Data Documentation Initiative DDI) will be used to structure metadata?
  • What information is required for users (computer or human) to read and interpret the data in the future?

Research data files and folders should be named and organised in such a way that they are identifiable and accessible to current and future users. The description of this section should indicate how the data is organised in the project, for example, the convention adopted, versions, and folder structure.

2.2. What data quality control measures will be used?

  • How you will be control quality of data?
  • How the data collection, analysis and processing methods used may affect the
    quality of data?
  • Indicate the existing mechanisms to prevent unauthorized changes in the institution?
  • How measurement error and bias will be eliminated?
  • How you will minimise the risks related to data accuracy?
  • If quantitative data needs to be cleaned?

3.1. How will data and metadata be stored and backed up during the research process?

  • What will be the method and procedures for making backups, and who will be responsible for them?

Specify your backup procedure (frequency of updates, responsibilities, automatic/manual process, security measures, etc. see Nextcloud AGH). 

e.g. 3-2-1 rule: 3 copies, on 2 different media, 1 copy stored in a different location from the others

  • How data will be recovered in the case of loss/damage?
  • If there are several researchers involved, create a plan with your collaborators and ensure safe transfer between participants.

e.g. authorised access, dedicated storage space, log-book

  • How data will be protected?

e.g. antivirus and file/folder/computer/cloud access passwords

  • Are special measures needed to transfer data from mobile devices, from fieldwork sites or from home equipment to a central work server?

3.2. How will data security and protection of sensitive data be taken care of during the
research?

  • Where sensitive data will be stored? 
  • How the data will be recovered in the event of an incident?
  • Who will have access to the data during the research and how access to data will be controlled, especially in collaborative partnerships?
  • Which institutional data protection policies has been implemented?

AGH University authorities have implemented the Information Security Management System (ISMS), which goal is to protect data and information. A structure of information security management includes, among others: DPO (Data Protection Officer) and IT System Administrator (Central and Local Officers).  The Data Protection Officer has been appointed in 2018. ISMS is based on the following documentations: Information Security Policy at AGH-UST (Regulation No. 9/2017), declaration of application, book of guidelines and security procedures, implementation and functioning of management control at AGH-UST (Regulation No.40/2012) and Personal Data Protection Policy (Regulation No. 26/2019). 

  • If the project does not concern sensitive data (no research involving human) the following notation should be included: "The project does not provide for the creation, storage and processing of sensitive data".

4.1. If personal data are processed, how will compliance with legislation on personal data
and on data security be ensured?

  • Will personal data be collected and processed in the project? If so, how will the protection of this data be ensured?
  • Do you need to use anonymisation throughout a data collection? Data encryption?

The encryption key must be stored separately from the data. It is important to remember to make a clear distinction between personal data, which will be kept confidential and eventually destroyed, and anonymised research data, which will be kept indefinitely and shared with others.

  • Has an access procedure been defined for authorised users of personal data?

The documentation of the personal data processing consist of:

  • Register of processing activities
  • Register of processing activities category
  • Register of personal data breach
  • Report of personal data breach
  • Entrustment agreement for the processing of personal data

Management procedure of the personal data access is specified in the Personal Data Protection Policy of AGH University (Regulation No. 26/2019)

It is worth consulting the AGH Data Protection Officer on the management of sensitive and personal data in the project (if research involving human subjects is planned).

  • If the project does not concern personal data (no research involving human) the following notation should be included: "The project does not provide for the processing of personal data".

4.2. How will other legal issues, such as intellectual property rights and ownership, be
managed? What legislation is applicable?

  • Who will be the owner of the data (indicate all owners)?
  • Which licences will be applied to the data?
  • What restrictions apply to the reuse of third-party data?

NCN recommends that data be made accessible under licence CC0 or CC BY.

  • Do you need to seek copyright clearance before sharing data?

For projects funded by the National Science Centre and the EU, ownership of the data belongs to the Institution, not to the individual researcher.

In terms Intellectual Property Right will be applied: Law of Copyright and Related Rights, Idustrial Property Law, Regulations for the management of copyright and related rights, as well as industrial property rights, and principles of commercialisation at AGH (Regulation no 18/2015) or rules laid down by the funding agency or Regulation of RODBUK Cracow Open Research Data Repository (if data are deposited there).

If the project will result in an invention, patent or commercialisation, it is worth consulting the AGH patent attorney.

5.1. How and when will data be shared? Are there possible restrictions to data sharing
or embargo reasons?

  • When data will be accessible: during or after the research? How will potential users find out about them?

Data have to be shared as soon as possible, but at the latest at the time of publication of the respective scientific output e.g. scientific article, monograph, database. 

  • For how long will the data be stored in the repository?

National Science Centre requires that research data be stored minimum 10 years, metadata — indefinitely.

  • Are there any barriers and constraints to making the research data fully or partially accessible?

If the opening of the data will be delayed or limited in time, e.g. for publication, protection of intellectual property or applying for patents, the expected date of release should be indicated.

  • Will journal publishers require deposit of data supporting article findings?
  • Does the sharing of data require the consent of the participant?

5.2. How will data for preservation be selected, and where will data be preserved long-term (for example a data repository or archive)?

  • What data must be retained or destroyed for contractual, legal, or regulatory purposes?
  • How it will be decided what data to keep?
  • What procedure would be used to select data to be preserved?

You do not have to share everything - but you have to justify the criteria used to select the data to be shared.

  • Does the repository in which the data will be long-term stored respect the FAIR principles?

When data will be deposited in the RODBUK, it will be made available in accordance with the FAIR principles for a minimum of 10 years, and the metadata describing it indefinitely.

5.3. What methods or software tools will be needed to access and use the data?

  • Do data need to be converted to a standard or open format with long-term validity for long-term preservation?

If specialised data, for reasons of preserving its quality, cannot be converted into commonly available software, it should be indicated what software will be necessary to open it. Users should be informed whether they will need specific tools to access and (re)use the data.

  • What mechanism will be used for data sharing?

e.g. request handled directly, repository

5.4.  How will the application of a unique and persistent identifier (such as a Digital Object Identifier (DOI)) to each data set be ensured?

  • Will a persistent identifier for the data be obtained?
  • Which existing persistent identifier will be used (e.g. Digital Object Identifiers, Accession Numbers)?

When data will be deposited in the RODBUK it will be permanently assigned a Digital Object Identifier (DOI) for the electronic document.

6.1. Who will be responsible for data management (i.e. data steward)?

  • Who will be responsible for data management during the research?
  • Who will be responsible for data management after the research is finished? Will it be someone from the project or the repository where the data will be deposited?

Indicate who is responsible for implementing the DMP, and ensuring it is reviewed and revised.

The person responsible for managing the research data in the project will be the person implementing the research activities - the project manager (name, position, function, department) or his/her designee. Once the data has been deposited in the RODBUK, the RODBUK AGH administrators will be responsible for further data management.

6.2. What resources will be dedicated to data management and ensuring that data will be FAIR?

  • What are the costs for making data FAIR in your project?
  • If the additional resources will be needed to prepare data for deposit?

It needs to be determined whether additional resources will be necessary for archiving, data storage (time, external drives, additional storage space, paid repository) and how they will be paid for? Is it envisaged to employ a research data manager? If so, please write how much this will cost and how it will be paid for.

The costs of research data management can be covered by 2% of the indirect costs of Open Access, settled in a flat rate.

In the case of depositing data in the RODBUK, the following should be noted: the costs of post-project research data management are paid by the AGH University of Krakow.

Prepared on the basis of Guidelines for applicants to complete the Data Management Plan form in the proposal National Science Centre and the applicable regulations in AGH University of Krakow.