Skip to Main Content

Writing Data Management Plans: Ethics, Compliance, GDPR

Legal & Ethical Requirements

Personal (or Sensitive & Personal) Data

Personal data may be defined as data relating to a living individual who is, or can be identified from, either the data itself or from the data in conjunction with other information that is in, or is likely to come into, the possession of a 'Data Controller'. 
Sensitive personal data is a specific set of “special categories” that must be treated with extra security. This includes information pertaining to:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic data; and
  • Biometric data (where processed to uniquely identify someone).

Ensure, when dealing with this data...

  • Gain informed consent for preservation and/or sharing of personal data. Do not just ask for permission to use the data in your study or make unnecessary promises to delete it at the end.

In your plan...

  • Consider anonymisation of personal data for preservation and/or sharing (truly anonymous data are no longer considered personal data)
  • Consider pseudonymisation of personal data (the main difference with anonymisation is that pseudonymisation is reversible)
  • Consider encryption which is seen as a special case of pseudonymisation (the encryption key must be stored separately from the data)
  • Explain whether there is a managed or governed access procedure in place for authorised users of personal data


More Guidance, Information, & Support is available from these resources...


Intellectual Property

Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce.

IP is protected in law by, for example, patents, copyright and trademarks, which enable people to earn recognition or financial benefit from what they invent or create. By striking the right balance between the interests of innovators and the wider public interest, the IP system aims to foster an environment in which creativity and innovation can flourish.

Source: WIPO

In your plan...

  • State who will own the copyright and IPR of any existing data as well as new data that you will generate. For multi-partner projects, IPR ownership should be covered in the consortium agreement.
  • Indicate whether intellectual property rights (e.g. Database Directive) are affected. If so, explain which and how will they be dealt with.
  • Indicate whether there are any restrictions on the re-use of third-party data.


For an expanded explanation and more DCU Supports regarding Ethics, Compliance, and GDPR please see the DCU RDM Guide or contact DCU Data Protection Unit

Science Europe - Practical Guide to the International Alignment of RDM


Comprehensive Guide to all Supports, Tools, & Resources available to DCU Researchers, at all stages of the data lifecycle. Provided by DCU Research Support, DCU Library, and ISS 

Data Protection Commission (Ireland)

World Intellectual Property Office