Research Data Governance: Where DMPs, FAIR and Institutional Policy Meet

Research data governance is the institution-wide framework of policies, roles and standards that determines how research data is created, stored, protected, shared and retained across its lifecycle — distinct from the project-level task of managing a single dataset. It sits above data management plans (DMPs) and FAIR practice, translating funder and institutional policy into assigned accountability. The most common failure point is not the policy itself but the gap between what a DMP promises and what a principal investigator (PI) or data steward is actually resourced and empowered to deliver.

Put simply: research data governance is the system of institutional authority, roles and control that determines who is accountable for a dataset at every stage of its life, from collection to eventual disposal or archiving.

What is research data governance?

Research data governance establishes the policies, roles and standards dictating how research data is ethically collected, stored, secured and shared, applied at the level of the whole institution rather than a single grant. It differs from research data management in scope: management is what a researcher does with one dataset; governance is how an organisation ensures every dataset is handled consistently and lawfully.

Andrea Chiarelli’s 2023 analysis for Force11’s Upstream describes this as a shift “from individual projects or datasets to the way the organisation as a whole thinks and operates when it comes to research data.” A 2025 Data Science Journal paper by Odebrecht et al. argues governance requires a “system of cross-organisational” accountability, since ownership, stewardship and compliance obligations rarely sit with one office.

In practice, governance frameworks typically assign roles across several functions:

  • Senior leadership — sets institutional strategy and secures infrastructure budget.
  • Data stewards or data champions — provide discipline-specific guidance and training.
  • Librarians and information professionals — curate data and advocate for open sharing.
  • Ethics and compliance officers — verify adherence to regulatory and funder requirements.
  • IT and information security teams — manage storage, backup and access control.
  • Principal investigators — remain directly responsible for their project’s data day to day.

How do data management plans fit into research data governance?

A data management plan is the project-level instrument; research data governance is the institutional context that shapes it. Governance sets the rules of the road — the DMP is the trip plan for a specific project, describing what data will be generated, how it will be stored, and what happens to it once funding ends. Most UK and EU funders now require a DMP at application stage, per the Digital Curation Centre’s funder-policy overview.

UKRI’s Guidance on Best Practice in the Management of Research Data (2020) states research data should be “easily discoverable, accessible, assessable, intelligible, useable” — language drawn from the G8 Open Data Charter. That expectation only becomes operational once a governance framework specifies which repository, metadata schema and retention period satisfy it. Without that translation layer, a PI can write a technically compliant DMP the institution has no infrastructure to support.

Where personal or sensitive data is involved, governance also requires a Data Protection Impact Assessment (DPIA) under UK GDPR before collection begins — a step outside most DMP templates, and frequently where research ethics and governance approval stalls.

Where do FAIR principles sit in the governance stack?

The FAIR Guiding Principles — Findable, Accessible, Interoperable and Reusable — were formally published in Scientific Data in 2016 (Wilkinson et al.) and have since become the default technical standard governance frameworks use to operationalise “good data practice.” FAIR is a set of design criteria for datasets; governance is the accountability structure that ensures those criteria are met at scale, not just described in policy.

A governance policy might mandate persistent identifiers, controlled-vocabulary metadata and an approved repository — the mechanisms that make a dataset FAIR in practice. Funder mandates reinforce this: cOAlition S’s Plan S requires data underlying publications be made available in a FAIR-compliant repository, converting a technical principle into a compliance condition an institution’s governance office must monitor.

Layer What it governs Primary owner
Institutional research policy Ownership, retention, ethical boundaries Senior leadership / research office
Research data governance framework Roles, accountability, infrastructure standards Data governance committee
FAIR principles Technical findability/reuse criteria for datasets Data stewards, repository managers
Data management plan Project-specific application of the above Principal investigator

Where do responsibility gaps appear between data stewards and PIs?

The most persistent governance failure is not absent policy but an accountability vacuum between those who write institutional standards and those who generate the data day to day. Force11’s Upstream analysis notes “research cultures value autonomy and independence,” making a standardised framework structurally difficult to enforce against individual research groups — a cultural, not merely technical, obstacle.

The gap tends to open at predictable points:

  • Departure events — what happens to a dataset when a researcher leaves is, per Upstream, “one of the most common difficulties,” since ownership and access rights are rarely settled in advance.
  • Metadata quality — without an assigned data steward, a PI defaults to whatever documentation is fastest, not what is FAIR-reusable.
  • Sensitive data handling — a DPIA is approved at the outset, but ongoing access-control enforcement typically falls back to the PI’s lab, unsupported by IT.
  • Retention beyond project end — a retention period is set, but archiving budget and ownership after a grant closes is frequently unassigned.

The University of Oxford’s data governance framework addresses this by “establishing roles, definitions, standards and procedures to help keep data accurate and fit for purpose” — an explicit attempt to move responsibility off the individual researcher and onto a named institutional function. Institutions without an equivalent role map leave every gap to default to the PI, regardless of whether they have the time, training or authority to close it.

Frequently asked questions

What is data governance in research?

Data governance in research is the exercise of institutional authority and control over how research data is created, secured, shared and retained, increasing the value of research data while minimising risk, and covering ownership, quality, ethical compliance and long-term stewardship across every supported project.

What are the four pillars of research data governance?

Most frameworks converge on four pillars: policy (rules for ownership, access and retention), roles (stewards, ethics officers, IT, PIs), infrastructure (repositories, metadata standards, storage) and compliance monitoring (audits against funder and legal requirements). Each pillar fails independently if the others are absent.

What are the 5 C’s of data governance?

The 5 C’s — clear vision, leadership commitment, collaboration, communication and continuous improvement — describe the cultural conditions a governance programme needs to survive contact with autonomous research groups. Without leadership commitment specifically, governance policy tends to remain aspirational rather than enforced.

Will AI replace research data governance?

No. AI tools can automate metadata tagging, anomaly detection and compliance checks, but they cannot assign accountability or resolve the ethical judgement calls that research ethics and governance committees make. AI changes the tooling of governance, not the underlying need for named, human-accountable roles.

Implications for institutions

For research administrators, the practical implication is that a DMP template or FAIR-compliance checklist is necessary but not sufficient. An institution needs a named governance owner — a research data governance committee or chief data steward function — whose remit spans the full lifecycle, not just the application stage a DMP covers.

The Royal Society and British Academy’s joint review, Data Management and Use: Governance in the 21st Century, argued data governance should be treated as an organisational capability comparable to financial or ethical governance, not a bolt-on exercise assigned to whichever office has spare capacity. That framing is increasingly reflected in how EARMA, ARMA and INORMS member institutions structure research administration functions, positioning data governance alongside grants management and research integrity rather than beneath IT.

Conclusion: closing the gap

Research data governance, DMPs and FAIR practice describe the same problem from three altitudes: institutional accountability, project-level planning, and technical dataset design. The responsibility gaps undermining all three consistently form where policy assigns an outcome — FAIR metadata, secure retention, a departure protocol — without assigning a person. Institutions that name an accountable role for every governance obligation, rather than defaulting to the PI, close that gap before it becomes a compliance failure. For broader context on these roles within the wider research administration function, see CASRAI’s research administration standards resources.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *