Skip navigation

UCD Search


UCD Office of Research Ethics

An Oifig Eitic Thaighde UCD

Data Protection & Management

Guidelines on the security and retention of research data

Content of research data

Research data comprises all recorded descriptive, numerical or visual material collected and used in the conduct of research, irrespective of medium. It may include physical and electronic records, digital images, microfilm, microfiche, audiotape, videotape and photographs. Research data may be augmented by objects, specimens and samples.

UCD owns all data generated by research projects conducted by or under its auspices, regardless of funding source, unless stipulated otherwise by funding agreement.

Responsibility for the management of research data
The Principal Investigator and/or researcher/supervisor is the custodian of the research data and is responsible for its management, including security, storage and retention. The Principal Investigator and/or researcher/supervisor is also responsible for informing the research participants of the researchers obligations in relation to the data.

Security of research data - access
The Principal Investigator and/or researcher/supervisor must determine and control access rights to research data. It is particularly important that access rights to personal data are strictly confined only to those who have been granted access . As well as ethical considerations , the privacy rights conferred by the Data Protection Acts 1988 and 2003 prohibit the processing of personal data without prior consent and, in the case of certain types of sensitive personal data, without the explicit written prior consent of the data subject. For the purpose of the Acts, processing includes storing, retrieving, accessing and retaining personal data. However personal data collected anonymously, or data that have been de-identified to the extent that the data subject can never again be identified from the data, do not come within the terms of the Acts.

Security of research data - storage
Once access rights have been established, data storage arrangements must also reflect the sensitivity of the data. Appropriate levels of storage security must therefore be established by the Principal Investigator and maintained by research participants. These will include strict protocols for the protection from unauthorised access of all physical and electronic locations where data are stored.

Retention of research data for duration of study
The Principal Investigator and/or researcher/supervisor must determine and make arrangements for the retention of data for appropriate periods following the conclusion of the project. Retention periods can vary depending on the research discipline, research purpose and type of data involved. They should therefore be determined on a project by project basis, taking into consideration any existing documented legal obligations governing retention periods, conditions imposed by research sponsors and the need to allow sufficient time for reference.

Once the period of retention has expired, research data must be disposed of or deleted securely and confidentially in a manner appropriate to its format.

Retention of research data for Archiving
The Principal Investigator and/or researcher/supervisor may wish to archive the collected data for the purposes of making it available for future use.  You should consult with your school as they may have a policy on how they archive material. Further information can also be sourced from a number of Irish organisations such as the Irish Qualitative Data Archive (IQDA) or the Irish Social Science Data Archive (ISSDA) - please see links below.

For a printable version of the above guidelines please see Data Storage & Retention
For more information regarding confidentiality please see the following HREC Policies:  Process of Seeking Informed Consent with examples  & HREC Doc 5 - Harm Risk Deception Privacy and Confidentiality 

Please also see the following websites:


Printable Version