Skip to main content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Research Data Management

Why You Should Care About Security

The security of your data is its protection from unauthorised access. Legal, ethical, and institutional requirements are usually placed on research projects in addition to your own desire for data security.

Legal aspects

The European General Data Protection Regulation (GDPR) protects personal data by defining which aspects are especially sensitive and how researchers and other people can collect or manage such data. While it is European in nature, it applies for foreign researchers working with European data. The Swiss Federal Act on Data Protection (FADP) also applies to researchers based in Switzerland and Swiss subjects abroad.

Contractual aspects

Your research data management and storage solutions must also respect your contractual requirements. Projects funded by the Swiss National Science Foundation (SNSF) or the European Research Council (ERC) must follow their guidelines. If you use data from a third party, your contract may also include an NDA or additional conditions requiring specific security measures regarding data storage and access.

More ethical aspects

Additional requirements are set by different ethical codes that may apply to your research field. The Research Ethics page created by the Research Office will help you understand them. Beyond human subjects, ethical issues can also make you wary regarding data such as geolocated information on the last specimens of an endangered species that may be targeted by poachers.

What You Can Do With...

Case 1: No personal or sensitive data

Great! Do as you want! No storage solution is excluded for security reasons.

Case 2: Personal data that is not sensitive

If you plan on using cloud services, note that major players are GDPR-compliant, but this still requires you to get informed consent about the storage solution from your subjects. Outside cloud services, you should be fine as long as you do not publish personal information.

Case 3: Sensitive data

Data about religious, political, sexual, medical, or other sensitive issues requires special care:

  • The use of cloud services is excluded.
  • The institutional drives of IHEID are validated for this by the European Research Council (ERC).
  • If using your personal hard drive, it should be encrypted.
  • E-mailing such data is completely unacceptable.
  • The data should be anonymised as early as possible.
  • The requirement for informed consent now also includes information about the security of the collected data.
  • Check with a Data Protection Officer (DPO) or the Research office for precise recommendations regarding your data.