Research Data Policy

A vast amount of valuable research data is generated through the research activities of staff and students at the University of Iceland. Proper handling in the collection, processing, storage and dissemination of data is of great importance, both from practical perspectives—such as ensuring access for collaborators during a research project—and from the perspective of research ethics and information security.

Research data can be useful for studies other than those for which they were originally collected. In recent years, increased emphasis has been placed on the long-term preservation and reuse of research data. Open science aims to make research data and outputs accessible to as many people as possible, guided by the principles of equality, enhanced collaboration and effective use of research investments. Article 4 of Act No. 45/2018 on the Re-use of Public Sector Information (as amended) addresses the authorisation to reuse publicly funded research data free of charge. With advances in data collection and analysis technologies, the volume of data has increased significantly, along with demands on information technology for processing, preservation and sharing. Developments in artificial intelligence offer new opportunities in data collection, handling and processing, but also present significant challenges, as the quality of research data must be beyond doubt if they are to be shared with the research community.

Robust data infrastructure is required to facilitate good data management. Data services at the University of Iceland is a collaborative effort involving several organizational units, primarily the Division of Science and Innovation (which operates the open repository GAGNÍS), the Division of IT Services (which operates the electronic research infrastructure IREI), and the academic schools. One of the objectives of this Data Policy is to strengthen these service components and improve communication so that services can be utilised as effectively as possible by all who need them.

1.1 Scope

The UI Data Policy applies to research data, in whatever form, that are collected and generated in connection with research conducted at the University of Iceland. Its purpose is to promote responsible collection, preservation, processing and dissemination of research data in accordance with open science requirements as set out by the scientific community, the requirements of funding bodies for data management plans and with due regard to data security, data protection, intellectual property rights and related considerations.

As a significant part of UI’s research activities is publicly funded, the Policy takes into account Act No. 45/2018 (as amended) on the Re-use of Public Sector Information and Directive (EU) 2019/1024 on open data and the re-use of public sector information, where the following applies to research data:

Data in digital form, other than scientific publications, that are collected or produced in the course of scientific research activities and are used as evidence in the research process, or are commonly accepted in the research community as necessary to validate research findings and results.
Research data includes statistics, results of experiments, measurements, observations resulting from fieldwork, survey results, interview recordings and images. It also includes meta-data, specifications and other digital objects.

The Directive and related legislation apply only to data already in digital form, but the UI Data Policy applies to research data in any format even though the main focus is on digital data. The Policy applies to all members of the University of Iceland research community, including academic staff, students and administrative staff.

In addition to the Act on the Re-use of Public Sector Information and the EU Directive, the UI Data Policy is intended to support and align with the following policies and guidelines:

• UI Strategy 2021-2026
• UI Research Infrastructure Plan 2024-2026
• UI Open Access Policy
• UI Information Security Policy
• Code of Ethics for Research
• UI AI policy

1.2    Responsibility

The University of Iceland is the owner of research data that is collected in connection with the university’s operations unless otherwise agreed. The university is therefore responsible for preserving data and metadata generated in connection with all research activities of staff and students. UI is also responsible for the preservation and management of samples (e.g. in biology, geology and chemistry), artefacts, recordings, photographs, laboratory notebooks and other primary research materials. UI’s responsibility for preservation primarily concerns data underlying published research results and patents. This responsibility applies not only when the individuals involved are employees or students at UI but also after they have retired or left the university.

The Vice-Rector for Research and Interdisciplinary Studies is responsible for the content of this Data Policy, and the Division of Science and Innovation is responsible for its implementation.

IREI (the Division of IT Services) and GAGNÍS (the Division of Science and Innovation) are responsible for providing guidance and assistance to researchers in data management. These entities are also responsible for ensuring that researchers have access to the necessary infrastructure for secure data storage.

The UI Archives are responsible for the long-term preservation of research-related documents, as with other university activities, and provide advice to researchers on storage and documentation.

Deans of schools are responsible for ensuring compliance with rules and procedures regarding data preservation or deletion when staff leave the University and when students complete or discontinue their studies.

Heads of faculties and departments are responsible for ensuring compliance with rules and procedures on data management, data stewardship, data security and open science in student projects.

Principal investigators (PI’s) are responsible for ensuring that co-researchers (including students) adhere to rules and procedures on data management, data stewardship, data security and open science. They are therefore responsible for compliance with rules regarding protection of personal data (GDPR), rules on the handling of sensitive information and information security. This is especially important when handling microdata. PIs are responsible for obtaining relevant permissions from The National Bioethics Committee, the Research Ethics Committee of the Icelandic universities and the Data Protection Authority and observing the rules and guidelines issued by these bodies on the handling of data.

The organisation of data management is based on the duration of the research project and the data lifecycle, from collection to long-term preservation or disposal. Data handling depends on the nature of the data and particular care must be taken with data that may lead to patents, personally identifiable data and sensitive data, as such data require restricted access, de-identification or disposal once they have served their original purpose. The University of Iceland Code of Ethics must always be followed in data collection, and necessary permits must be obtained where applicable. Responsible data collection and quality assurance are prerequisites for the responsible use of artificial intelligence in data processing and analysis, an area that is expected to expand significantly in the coming years.

2.1 Data Management Plans

It is expected that for all research activities that involve data collections a formal data management plan is set out. This is important as grants-agencies increasingly require data management plans to accompany grant applications or make them a pre-condition for signing of contracts. Horizon Europe and NordForsk have been requesting data management plans for some time, and the Icelandic Research Fund (Rannis) implemented this requirement more clearly than before in its rules in the spring of 2025. A data management plan outlines the life cycle of research data; collection, presentation and preservation during the research, how digital data is backed up, and how and for how long data will be preserved after the research. It addresses the sharing of data between parties during the research period, defines which participants have access to which data and how this management is carried out, and discusses restrictions on use, copyright and intellectual property rights, researcher responsibilities and necessary resources. The required permissions (legal and ethical) should be specified and how sensitive information will be handled. The metadata for the data in question is also described. Data management plans are dynamic documents and as such can change during the study.

UI issues guidelines on preparing Data Management Plans, and researchers can seek assistance from GAGNÍS (the Division of Science and Innovation), IREI (the Division of IT Services) and the academic schools.

2.2 Data Stewardship

Data stewardship ensures that data are handled responsibly throughout their lifecycle and in accordance with a formal Data Management Plan. It involves maintaining data quality, ensuring validity, consistency and traceability, and ensuring that data are secure and accessible to authorised users. The objective is to create a trustworthy environment in which data serve as a reliable foundation for decision-making, innovation and research, without compromising security or privacy.

In research projects, it is important that data management is entrusted to individuals who have received appropriate training in data stewardship.

2.3    Storage and Sharing of Data

During a research project, collaborators must have access to data in a secure environment that also allows data sharing. Researchers are strongly discouraged from storing data on personal hard drives and UI provides various alternative solutions such as Teams and Sharepoint that should fit the requirements of many research projects.

IREI provides an access-controlled cloud solution (NextCloud) for storing and sharing research data during projects, as well as solutions for long-term preservation after completion. IREI advises researchers on data storage and applications for storage space can be submitted through its service portal.

A changing global environment poses challenges when assessing the trustworthiness of international partners for data sharing. It is important to monitor developments in data security, particularly in the Nordic countries and Europe, and to define responsibilities, roles, technical solutions and procedures for ensuring research data security.

After project completion, data should be preserved either in open repositories (see section on Open Science) or in access-controlled storage for an indefinite period.

2.4 The Fate of Data at Termination of Employment or Studies

When staff leave UI and when students complete or discontinue their studies, data must be preserved or deleted in accordance with relevant rules and procedures. In assessing what constitutes data, a broad interpretation is recommended. For example, laboratory notebooks in research-based postgraduate studies often contain data worth preserving for future use. The same applies to data collected in student projects, which may have potential for valuable reuse if properly preserved and documented. When determining the fate of data, the following considerations may apply:

• Is preservation required due to scientific publications or other obligations, and for how long?
• Do the data contain information that must be deleted?
• Are there costs associated with preservation?
• Are the data irreplaceable (e.g. monitoring data)?

In general, individuals involved in data collection or research during employment or studies at UI should retain access to relevant research data after their employment or studies end. Exceptions may apply if funding body rules stipulate otherwise or if other arrangements were agreed upon. Use and access to research data after the end of employment or studies is, however, always subject to the same rules and legal requirements as those that apply to UI staff or students at any given time.

Research data should, where possible, be preserved long-term in open repositories and made available for reuse in accordance with the principle that data should be “as open as possible, as closed as necessary” and in line with the FAIR principles (findable, accessible, interoperable, reusable). Data may be FAIR without raw data being openly accessible; in such cases, metadata describing the data and access conditions must be available.

GAGNÍS is an Icelandic repository operated by UI that accepts data across disciplines and publishes them in open access according to FAIR principles. Its website provides detailed guidance on preparing data for preservation and publication.

Researchers may also publish data in international repositories, which may be general or discipline specific. An example of a general repository is Zenodo, developed at CERN and freely accessible. Zenodo hosts sub-collections such as the EU Open Research Repository for outputs of Horizon Europe projects and projects within the Aurora university alliance in which UI participates. Zenodo provides guidance on preparing data for publication.

Both GAGNÍS and Zenodo are OpenAIRE-compliant, meaning they can be accessed through OpenAIRE, a portal to numerous quality-assured repositories.

When deciding whether to publish data in GAGNÍS or an international repository, it should be noted that not all variables from Icelandic datasets are always correctly transferred to foreign repositories (e.g. if datasets include Icelandic characters). In addition, it may be easier to obtain an overview of Icelandic datasets in OpenAIRE if they originate from the same repository.