Thesis data management guidelines
The guidelines are in line with the following national guidelines, recommendations and principles:
- Ethical recommendations for thesis writing at universities of applied sciences (Arene, 2025)
- Policy component for open access to theses (AVOTT, 2024)
- The Finnish Code of Conduct for Research Integrity and Procedures for Handling Alleged Violations of Research Integrity in Finland (TENK, 2023)
- Policy for Open Access to Research Data and Methods (AVOTT, 2021)
- The Declaration for Open Science and Research (AVOTT, 2020)
- The ethical principles of research with human participants and ethical review in the human sciences in Finland (TENK, 2019)
Thesis research data
In the context of a thesis, research data refers to the data that is collected or produced and analysed to justify the results of the thesis. Research data does not include the source literature cited in the thesis.
Examples of research data for a thesis include data from interviews and surveys, measurement, test and modelling data, samples, various collection datasets, research diaries and notes, documentation or tables from a literature review, new data created on the basis of another dataset, or self-developed software and source codes.
Data Management
Data management involves creating, storing, organising and describing research data in a way that ensures its usability and reliability throughout its life cycle. Data protection, security and research ethics are also considered during this process.
Data Management Plan
A data management plan is a document that describes what research data will be used in the thesis, how it will be obtained, how it will be stored and used, and what will happen to it once the research for the thesis has been completed.
When a thesis is carried out as a commissioned work or within a research, development, and innovation (RDI) project, the ownership and usage rights of the data, as well as any confidential data and the controller responsibilities concerning personal data, are agreed upon in the thesis agreement. Read more about the thesis agreement.
If there are several thesis authors, it is also advisable to agree on responsibilities, data ownership and authorship in a separate agreement to ensure a shared understanding of these matters.
A thesis completed at a university of applied sciences is a public document. If the research data for the thesis includes confidential material, please refer to the current guidelines on submitting confidential data as part of the thesis background material. Read more about the publicity of theses.
Every Metropolia student is entitled to receive guidance on data management for their thesis from their thesis supervisor. The supervisor’s role is to guide the student in following good scientific practice, as well as the key research ethics principles, permit procedures, legislation, and responsible data management relevant to the thesis. The thesis author is responsible for complying with these guidelines.
Metropolia provides thesis supervisors with training, instructions, learning materials and support services on responsible data management, including research ethics, data protection and information security. As a supervisor, you can also receive support from Metropolia's data agents in addition to experts in the aforementioned fields.
Data agents act as easily accessible local support for thesis supervisors in matters related to data management. Through data agents, supervisors can receive assistance with questions concerning data management, data protection or research ethics. When necessary, a data agent can direct the supervisor to the appropriate specialist.
The thesis author must prepare a data management plan if the thesis involves collecting, producing or processing research data. The thesis supervisor ensures that the measures described in the data management plan comply with research ethics practices, are secure, and meet data protection and other legal requirements.
The data management plan can be created, for example, by using the Data Management Plan (Word -template) or the DMPTuuli online tool. The completed data management plan is attached to the actual thesis plan.
The student submits the data management plan in the Wihi thesis supervision system, where the thesis supervisor approves it. The data management plan must include at least:
- a general description of the data to be collected or produced
- where the data will be stored
- the handling of any personal data and confidential information
- any potential ethical risk
- what will happen to the data once the thesis is completed
The laws and general ethical principles applicable to research conducted in Finland also apply to theses. Like other higher education institutions, Metropolia is committed to adhering to good scientific practice. Good scientific practice covers not only scientific research but also theses, teaching and supervision in higher education institutions. A confirmed breach of good scientific practice is grounds for rejecting a thesis.
When human participants are involved in a thesis, for example, when information is collected from individuals taking part in the research, the ethical principles of research involving human participants must be observed. This includes considering any required research permits and the need for ethical review, informing participants and obtaining their consent, as well as complying with legislation concerning the processing of personal data.
Students are responsible for ensuring data protection when preparing their thesis. The thesis supervisor has the primary responsibility for advising the student on data protection matters. All teaching staff must have a basic understanding of data protection. If the thesis involves a data protection issue that has not been encountered before, the supervisor must contact the data protection team to clarify the appropriate procedures.
Students undertaking a thesis are responsible for ensuring the security of their research data by complying with Metropolia’s information security guidelines. Read more about data classification and secure storing (Wiki).
Learn about secure use of cloud services (Wiki).
Any data falling within special categories of personal data, or other confidential information such as trade secrets, must be stored only in storage environments designated for sensitive data. In accordance with Metropolia’s cloud terms of service, the storage of special category personal data or other confidential information in cloud services is prohibited.
Adequate documentation of research data is an essential part of good scientific practice. It is recommended that the research data used in a thesis be documented and described in such a way that it can be understood not only by the author but also by others, such as the thesis supervisor. Students are encouraged to practise documentation as an integral part of their thesis work.
Metropolia’s Data Support provides guidance and learning materials on the documentation and description of research data. You can find these in the Data Management for Thesis guide in LibGuides.
Use of artificial intelligence in data management
Artificial intelligence may be utilised in the data management of a thesis; however, it is important to adhere to good scientific practice and the other points outlined in these guidelines. Read more about the responsible use of artificial intelligence in theses.
Metropolia is committed to the principles of open science and research. Students receive guidance on matters related to research openness as part of the supervision process for their thesis.
A student may publish the research data they own from their thesis, provided there are no restrictions arising from agreements with collaborators, research permits, or the information provided to research participants. When publishing data, legislation (such as data protection regulations) and good research ethics must be considered.
Confidential or classified information must not be published. It is advisable to discuss any potential risks with the thesis supervisor before publishing the data.
The potential for undesired use of data, as well as export control related to dual-use items and sanctions, must be considered in a thesis when it is carried out as commissioned research for third parties, as part of an international RDI project, or when the results of the thesis are published.
In this context, the term 'undesired use of data' refers to the transfer of critical knowledge and technology that could impact the security of the European Union and its member states.
As the owner of the data, the thesis author decides what will happen to the research data once the thesis has been completed, unless otherwise agreed or ownership of the data has been transferred to another party. If there are multiple owners, the decision must be made jointly. The storage period for personal data is determined by the data controller. Personal data must be destroyed or anonymised as soon as it is no longer needed.
Data storage may be restricted by the permissions obtained from research participants or the organisation being studied If the data has been promised to be destroyed upon completion of the thesis, this must be carried out. The student is responsible for destroying the data as agreed, but the thesis supervisor must inform the student of this responsibility For more information on storage and destroying of the data, see the Data Management for Thesis guide in LibGuides.