Skip to Main Content

Research Data Management: Governance


Research data should be managed in compliance with all relevant legislation, regulatory requirements and contractual obligations:

1. Data Ownership

2. Intellectual Property

- Copyright

- Patents

- Trade secrets

- Licenses

3. Data Privacy

-  The Constitution of the Republic of South Africa

- Protection of Personal Information Act

- National Health Act

- General Data Protection Regulations

4. Access to Information

- The Constitution of the Republic of South Africa

- Promotion of Access to Information Act

5. Research Contracts

Primary research data collected or generated by Stellenbosch University researchers belong to the University unless there are specific terms regarding intellectual property rights in the funding agreement. Before research is initiated, it is important to delineate the rights, obligations, expectations, and roles played by all interested parties. More information about the ownership of research data can be found in the Stellenbosch University Research Data Management Regulations as well as the Stellenbosch University’s Policy in Respect of commercial exploitation of intellectual property.

Intellectual Property

Intellectual Property is a term that describes the application of the mind to develop something new or original. Intellectual Property can exist in various forms and encompasses registerable and non-registerable inventions, expertise, trademarks, trade secrets, copyrights, designs and plant breeders’ rights which have come about through the mental efforts, insight, imagination, knowledge and creativity of humans. For the purposes of primary data collection/generation the most relevant form of Intellectual Property is copyright.



A copyright is an exclusive right granted by law for a limited period to an author, designer, etc. for his/her original work. Copyright laws protects certain categories of works which are products/outputs of intellectual work/labour/effort. One does not have to register copyright on a work for it to be protected. It is automatically assigned the moment an original creative work takes a tangible form. The exception to this are cinematograph films as they require registration. Copyright applies to works that have some form of creativity embedded. As such a mere list of facts or data cannot be copyright protected. A grocery list for instance, is not a creative act and thus cannot be protected. The South African law of copyright is regulated by the Copyright Act 98 of 1978 and its associated case law. The South African law of copyright applies to: Literary works, musical works, artistic works, cinematograph films, sound recordings, broadcasts, programme-carrying signals, published editions and computer programs. As a general rule, the author or creator of a work is also the first owner of copyright. The major exceptions to the rule are where the work was made in the course of employment (the employer is the automatic owner), or where certain types of work are commissioned.





Personal information cannot be collected, shared or distributed without informed consent. Researchers must acquaint themselves with the provisions of the relevant national and international legislation.

The National Health Act applies to health research, and requires all research studies that involve human participants to obtain the express consent of the individual involved prior to starting the research.

The Protection of Personal Information Act requires that consent be obtained from a data subject or a competent person where the data subject is a child. 


Research participants should be unambiguously informed of what will be done with their data and give consent. Subsequently, data processing should be done accordingly.

The informed consent of participants in a project needs to include sharing, preservation and long-term use of their personal data as well as any limitations to these actions.

Signed consent forms and other documents and records linked to the ethical conduct of research must be stored by the principal investigator in a safe and secure manner according to the Department of Health’s guidelines for research ethics.

Data privacy laws apply to personal information.

When personal information is collected from human participants the confidentiality of such participants should be safeguarded through the anonymisation or de-identification of any personally identifiable information when appropriate.

  • As sensitive data carries a risk of causing discrimination, harm or unwanted attention, researchers are encouraged to conduct disclosure risk assessments before, during and after research data are collected in order to ensure that personal information pertaining to research participants remains confidential. 
  • Researchers who work with sensitive research data should take reasonable steps to safeguard such data by regulating or restricting access and use of such data. The Information Technology Division can be consulted for guidance and assistance.
  • Researchers should also take reasonable steps to ensure that sensitive data are not breached accidently or as a result of negligence in the handling of the data. Identifiable data must always be stored separated from other data and must not be stored on portable devices, unless researchers are using data encryption devices. The Information Technology Division can provide guidance and assistance.

The right to access to information is safeguarded by the provisions of section 32 of the Constitution of the Republic of South Africa, 1996 (referred to as ‘the Constitution’). The provisions of this section are framed in the following manner:

(1) Everyone has the right of access to -

(a) any information held by the state; and

(b) any information that is held by another person and that is required for the exercise or protection of any rights.

(2) National legislation must be enacted to give effect to this right, and may provide for reasonable measures to alleviate the administrative and financial burden on the state.

The provisions of section 32(2) make reference to national legislation that gives effect to the right to access of information. This legislation exists in the form of the Promotion of Access to Information Act 2 of 2000 (referred to as ‘PAIA’). The provisions of PAIA set out the circumstances under which record information can be accessed from private and public bodies.

All contractual obligations should be adhered to, such as obligations regarding confidentiality, intellectual property requirements, security of research data and conflict of interest. The researcher acting as principal investigator is responsible for all obligations that are outlined in the research contract/-agreement. The Research Contracts Office in the Division for Research Development provides advice to researchers in meeting their responsibilities for all contractual obligations.

RDM Regulations