
Data management and protection

Good data protection management means having effective processes and methodologies in place to maintain data integrity.

Questions related to data management and protection should be directed to the Information Governance Office. You can also find lots of helpful information on their website.

Information on the creation of data management plans for research projects can be found here.

Here are some useful links to more specific information:

Accessing NHS Digital Data

If you are planning to access NHS Digital data, you need to follow NHS Digital’s Data Access Request Service (DARS) process.

DARS application

When preparing a new DARS application, it is strongly advised that you seek advice from the University’s Research IT, Information Governance and Research Governance teams on the arrangements for accessing, transferring, and processing the NHS Digital data. Applicants can request advice from the University teams by sending a copy of the draft DARS application to and specifying the input required.

Data Sharing Agreement

Before the data can be accessed/transferred, a Data Sharing Agreement (DSA) needs to be put in place between NHS Digital and the University. All DSAs must be reviewed by the University’s Contracts Team, who will arrange for the DSA to be signed by the University’s authorised signatory.

In addition to the conditions outlined in the DSA, NHS Digital data users must be aware of the conditions outlined in the overarching Data Sharing Framework Contract (DSFC) in place between NHS Digital and The University of Manchester. The DSFC ensures that high standards are maintained by the University in safeguarding any data we receive from NHS Digital. Full details of what you need to consider are outlined in the University’s NHS Digital Data Sharing Framework Contract (DSFC) guidance document for users.

Related guidance

The University’s Data Safe Haven provides an infrastructure for the secure management of personal, sensitive and confidential information including NHS Digital data.  

Making research data open and accessible


Open research relates to how research is performed and how knowledge is shared based on the principle that research should be as open, transparent, and accessible as possible. Open research also enables researchers to take advantage of digital technology.

Open research practices include:

  • pre-registration of hypotheses and/or research questions
  • the use of pre-prints
  • open-access publications and other outputs
  • full and transparent reporting of research workflows and statistical analysis code
  • sharing of original research materials
  • FAIR (Findable, Accessible, Interoperable, and Reusable) data

Not all of these practices will be appropriate for any given research project. Open research will look different in different disciplines but common to all is transparency in the research process.

When writing your data management plan you should consider how you will satisfy the University’s expectations for open research which are outlined in the Position Statement on Open Research (section 4). In particular, consider how you will make research data as open and accessible as possible and where relevant, justify any restrictions that might need to be applied. The University’s Research Data Management Standard Operating Procedure (sections 29-34) and Sharing data page provide guidance on publishing data, and the Concordat on Open Research Data (Principle #2) outlines valid reasons for restricting access to data.

You will also need to ensure that you include relevant information in your participant information sheet and consent form to make it clear to participants what will happen with the information they provide.


Guidance on the use of freedom of information requests for research purposes

Freedom of Information (FoI) requests legally compel public organisations to produce the information that is asked for in the request, if it falls within the legal criteria for such requests. Answering an FoI request may involve considerable resources if the information cannot easily be extracted from an organisation’s IT systems, or has not already been collated for other purposes. Organisations receiving FoI requests for information for research purposes are therefore likely to see this as a particularly aggressive form of data collection, and qualitatively different from a standard request concerning whether they are able to provide information that is important for a research project.

An FoI request should only be used to obtain information for the purposes of research under the following circumstances:

  • The information cannot be obtained via more usual and less aggressive means.
  • The research justifies the time and cost to the organisation(s) approached (e.g. we would not expect an undergraduate dissertation to justify this).
  • The potential future cost to any current or future relationship between the University and the organisation(s) has been considered.

Protecting and exploiting intellectual property

For detailed information about Intellectual Property at the University of Manchester please click here.

Recording, storing and archiving research data

Requirements for the recording and storage of research data and material will vary by discipline.  Researchers should always adhere to guidance provided by funding bodies, professional guidance where available, any principles set out at school or faculty level as well as the University's requirements as outlined below and in its Records Management Policy.

Researchers should keep clear and accurate records of their research including the procedures followed, approvals granted during the research process, sources used and results obtained (including interim results).  This is necessary, not only as a means of demonstrating proper research practice, but also in case questions are subsequently asked about either the conduct of the research or the results obtained. When recording data, consideration should be given to requirements of anonymity and confidentiality where appropriate and local/professional guidelines followed.

Depending on the nature of the research activity, for example where there is potential for intellectual property to be generated, the supervisor/principal investigator should review the main written record of research evidence, countersign and date it on a regular basis to signify that the entered data are accurate and complete. This practice not only assists the protection of intellectual property but also helps safeguard researchers against allegations of research misconduct and assures auditors and sponsors that robust academic supervision is in place.

Records of a research project are the property of the parent school and should reside with the research unit in which they were generated. Individual researchers should be able to hold copies of appropriate materials for their own use, but in order to protect the individual against loss or allegations of research misconduct, primary data in hard format (i.e. in a laboratory book) should be kept securely within the University. The project leader/principal investigator/supervisor should have access to the data at all times. University staff and students are not permitted to remove such records when leaving the University without obtaining permission from their head of school in writing.

Data should be stored in a way that permits a complete retrospective audit if necessary. Unless ethical/professional/local or funding body guidance requires otherwise, research results should be archived in a durable form that is immune to subsequent tampering and falsification for a minimum period of 5 years after the date of any publication which is based upon them. It is recommended good practice that evidence for research based on clinical samples or relating to public health should be retained for 15 to 20 years.

Data Protection Laws

If you are conducting research in a country outside of the UK, you need to familiarise yourself with the relevant data protection laws of that country. Although these are subject to change, you can find general information about this by visiting

Any queries in relation to the data protection laws of individual countries, including whether any special provisions will be needed regarding your research project, should be directed to the Information Governance Office. Additional guidance and support on data protection can be found by visiting the Information Governance StaffNet pages.