Once your research idea is developed, you need to look for funding. Most funders require a data management paragraph as part of the research proposal. After you receive a grant, funders require a DMP within a certain period of time.

Contact your faculty data steward or specialists from the University Library, MEMIC or DataHub for DMP support.


2.1. Funding

Investigating potential funding sources and preparing postgraduate research applications is a lengthy process, so allow plenty of time for this.

The most common funders for research projects at Maastricht University are NWO, ZonMW and Horizon Europe.

The Contract Research Centre (CRC) offers professional support in acquiring national and international grants and funds for research projects and scholar- and fellowships. There are funding opportunities for (almost) every project proposal!

Contact: crc-office-bu@maastrichtuniversity.nl

More information on grant opportunities and funding can be found on the intranet page of Contract Research Centre.


2.2. Research Data Management Paragraph

You want your research proposal to stand out from others to increase your chances of being selected and funded for your research project. Funders require a data management paragraph as part of the research proposal. While writing this paragraph about how you will manage your data, keep in mind that most funders are in favour of open access and reuse of research data.


2.3. Research Data Management Plan

The goal of a DMP is to take into account the many aspects of RDM. Compliance with a good DMP ensures that data are well-managed in the present and prepared for preservation in the future. The DMP is a dynamic document that changes with the needs of a project. It needs to be updated regularly to make sure it reflects the current state of your project.

A DMP typically outlines how and what kind of data will be created. It outlines plans for storing, sharing and preserving data during and after the research project. It also describes security measures and restrictions that apply given the nature of the data. (Sensitive) personal data or patentable data require additional protection measures and restrictions may apply to their sharing and retention.

Most funders require a DMP. UM does not require researchers to submit a DMP. However, writing a DMP is strongly recommended and may be a requirement for your faculty. Contact the data steward or faculty information manager for more information.

For additional information and DMP templates of funders:



The ZonMW text refers to DMPonline. UM has its own UM branded version of the DMPonline tool that is operational within the UM environment. It is advised to use the UM link.

Horizon Europe: 


Additional useful link:

2.4. Personal data: Privacy & Security

Data security and privacy are very important. If your project involves personal data, this has consequences for your research and data (collection). Possible privacy and security issues should be addressed at a very early stage of the project.

Note that if your research does not involve personal data, you still need to consider security measures related to data integrity and confidentiality. These issues should be addressed in your DMP.

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes special categories of personal data which must be treated carefully.

Special categories of personal data are data revealing:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Membership of trade unions
  • Genetic data
  • Biometric data for the purpose of uniquely identifying a natural person
  • Physical or mental health condition
  • Sexual life or orientation
  • Convictions, proceedings and criminal acts
  • National Identification Number (BSN in the Netherlands)

If your project involves personal data, UM requires you to take the following steps. This may vary per faculty or department.

Registration of the project:

  • Contact the information manager, data manager, or data steward of your faculty to register your project and help you with the risk classification of your research project;
  • The outcome of the classification will be a score (low, middle, high) on:
    • Availability
    • Integrity
    • Confidentiality
  • Based on the score you will have to take appropriate measures
  • A Data Protection Impact Assessment (DPIA) may be required if the project involves special categories of personal data. Contact your Information Manager for this. Based on the outcome of the DPIA, you are required to take the necessary measures in collaboration with the information manager of your faculty.
  • Find information on ICT Security including policies on the UM Security pages.
  • Visit the Privacy Regulations website Privacy Regulations website for detailed information.
  • If you have specific questions about personal data processed in your project, contact your Information Manager found under Privacy:GDPR. If necessary your Information Manager can contact the central UM privacy team.

Legal obligations when processing personal data:

  • Collect the minimal amount of personal data (i.e. only the data that are directly necessary for your project)
  • Obtain the participants’ consent for the collection of personal data and inform participants in a clear and transparent manner about your processing of their personal data
  • If consent cannot be obtained; provide an alternative legal ground for processing
  • Store contact details (e.g. name, DoB, address, BSN etc.) and research data separate (pseudonymisation)
  • Do not use cloud services with which UM does not have a contract and especially do not use public cloud services because:
    • Data storage might not take place in Europe and others may have access to your files;
    • Service continuity is not guaranteed;
    • Providers may obtain undesired rights of ownership on the stored files.
  • Anonymise/pseudonymise data as soon as possible
  • Use safe passwords and change them regularly
  • In the event of a (suspected) data breach, immediately contact ServiceDesk ICTS via ICTS servicedesk or call (043) 388 5555 (on working days, 8:00-17:00) and inform your Information Manager. Even if it only concerns data of a single person and even if you do not suspect any harm will come out of it.

2.5. Ethics

Several ethical review committees conduct ethical reviews of scientific research involving human participants or personally identifiable data. At UM, the following ethical committees assess research on ethical issues.

Ethical Review Committee Inner City Faculties (ERCIC)

ERCIC supports ethical issues specifically for the Inner city faculties. ERCIC encourages researchers to submit their study protocols involving human participants or personally identifiable data for ethical review prior to the start of research activities. Review by ERCIC currently takes place on a voluntary basis.

Visit the ERCIC website for more information.

Ethics Review Committee Psychology and Neuroscience (ERCPN)

The ERCPN is the Ethics Review Committee of the Faculty of Psychology and Neuroscience and requires researchers to submit their study protocols involving human participants or personally identifiable data for ethical review before the start of research activities. If studies fall under the Medical Research Involving Human Subjects Act (WMO), review by the accredited review committee METC is mandatory.

Visit the ERCPN website for more information.

Ethics Review Committee Health, Medicine and Life Sciences (FHML-REC)

Research involving human participants or personal data conducted in FHML should be submitted for ethics review. The work typically undertaken in FHML falls under either the METC for research that is regulated by the WMO, or the FHML-REC for research that is not subject to that legal obligation.

Visit the FHML-REC website  for more information.

Medisch Ethische Toetsings Commissie (METC)

The medical ethics committee of MUMC+, is an independent by government accredited ethical review committee. METC assesses medical-scientific research involving human subjects in accordance with legislation on WMO (Social Support ACT). For studies that fall under the WMO, review by the accredited review committee METC is mandatory.

Additional information can be found on the Ethics Review website.


Informed consent is the process by which a researcher provides the necessary information about the study, after which a participant can make a voluntary, informed decision about whether to cooperate.

Informed consent is given before the start of the study. Obtaining informed consent is critical to meeting your legal and ethical obligations to participants while increasing the value of your research data.

To obtain informed consent, researchers should:

  • Inform participants of the purpose of the study;
  • Discuss what will happen with their contribution (including the future sharing and archiving of their data);
  • State what steps that will be taken to ensure their anonymity and confidentiality;
  • Outline their right to withdraw from the research at any time.

Article 4(11) of the General Data Protection Regulation (GDPR) defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Consent is one of the lawful grounds on which personal data processing has to be based.

Sources: CESSDA, Guidelines on consent Autoriteit Persoonsgegevens


2.7. Costs of Data Management Planning

There are great differences in the nature of research projects, but all projects have in common that they must make an effort to organise, document and store research data.

Depending on the type of research, you may need to invest in additional products, support and services to manage your data, which can lead to additional costs.

To avoid unpleasant surprises and to avoid running out of financial resources, it is advisable to budget for RDM costs.

There is no hard and fast approach to budgeting for RDM. But there are guides and tooling available to help you with this.

Landelijk Coördinatiepunt Research Data Management (LCRDM, National Coordination Point Research Data Management) has developed a costs guide for RDM with an overview of possible costs per activity within each phase of the data life cycle.

The UK Data Service has developed an activity-based costing tool for the costing of RDM in the social sciences.