Laws and regulations on data management and FAIR data

On this page you will find the laws and regulations that apply to ZonMw’s FAIR data management procedures.

Research integrity

ZonMw’s data management and FAIR data policy and instructions are in accordance with the Netherlands Code of Conduct for Research Integrity. This Code of Conduct is a joint initiative of the Royal Netherlands Academy of Arts and Sciences, the Netherlands Federation of University Medical Centres, the Dutch Research Council, TO2 (the federation of Dutch applied research institutes), the Netherlands Association of Universities of Applied Sciences and Universities of the Netherlands. It is about good research practices. To promote and safeguard these, institutions have a ‘duty of care’ to provide a suitable working environment.

  • Data management

Data management is one of the duties of care of an institution (chapter 4). This relates to data administration, storage, publication, dissemination and access. These are important preconditions to making data (and other research resources) reusable.

ZonMw’s instructions on data management and FAIR data are based on the assumption that in ZonMw-funded projects these preconditions are met and that researchers adhere to them in their work.

  • Retention period

The code does not prescribe a standard retention period but leaves it up to the discipline concerned: “Ensure that all data, software codes and research materials, published or unpublished, are managed and securely stored for the period appropriate to the discipline(s) and methodology concerned” (section 4.4, under 13).

Health-RI’s ELSI Servicedesk website has a page about the retention period of data and human tissue in scientific research: Wat is de bewaar- en opslagtermijn van gegevens en lichaamsmateriaal in het kader van wetenschappelijk onderzoek? (not available in English)

ZonMw may provide specific guidelines for individual programmes or projects.

  • Access to data

ZonMw’s policy and instructions on making available (and providing access to) data is supported by the Code of Conduct: “Ensure that, in accordance with the FAIR principles, data is open and accessible to the extent possible and remains confidential to the extent necessary” (section 4.4, under 14).

Dealing with personal data and human tissue responsibly

In biomedical and health research, a lot of – generally sensitive – data, images and human tissue of many subjects are processed. Patients and citizens participating in health research count on the safe and careful processing of their personal data and human tissue, in a manner that respects their rights and interests.

  • Legal framework

The Dutch version of the General Data Protection Regulation, the AVG, applies to personal data. Processing personal data is only allowed if there is a legal basis to do so. Health research involves special personal data . A legal basis that applies to this is that a research subject must expressly consent with the processing of their personal data.

  • Background to the legal framework

The AVG is leading in a legal sense. At the same time, in some respects the AVG leaves room for additional legislation. This legislation can be found in the Dutch GDPR Implementation Act (UAVG). Rules governing the confidential handling of medical data are laid down in the Medical Treatment Contracts Act (Wgbo). In addition, a law is being prepared on the administration of human tissue and medical-scientific research. The Code of Conduct jointly elaborates these.

  • Norms for handling personal data

COREON’s code of conduct on health research (2022) contains a number of concrete norms available to researchers for the handling of personal data and human tissue in health research. The Code of Conduct does not remove the many legal and legislative constraints relating to privacy in health research. COREON and Health-RI (see the programme for removing constraints; in Dutch obstakel-verwijder-traject) are working on possible ways to solve these issues.

Permission to process personal data
Research requires permission from the patients and/or citizens involved. The ELSI Servicedesk provides information on permission and objection procedures (in Dutch).

Measures to protect personal data
Protective measures are intended to prevent the leaking and/or abuse of personal data. This can be done by anonymising or pseudonymising sensitive personal data. The ELSI Servicedesk provides information on data protection (in Dutch).

Assessment by the Medical Ethics Review Board or the Central Committee on Research Involving Human Subjects
In medical-scientific research (including biomedical and health research), you may be required to have your study reviewed for compliance with the Medical Research Involving Human Subjects Act (WMO). The ELSI Servicedesk provides information on reviewing research (in Dutch) that is or is not subject to the WMO.

Ownership and collaboration

In the case of public-private partnerships, researchers must abide by ZonMw’s rules on co-financing  and record agreements with partners in a collaboration agreement. Here you can find more information about what needs to be considered for data sharing and collaboration.


ZonMw allows a three-month embargo period for sharing data, or providing access to data, for reasons such as a publication being in the works. In case a patent is being prepared, this period is allowed to last up to nine months.

For more information, please consult


If you have any questions, you are able to find our contact information below.


Ellen Carbo

Projectleader FAIR data & Open Access
openscience [at]