Skip to content Skip to footer

Maturity Model Legal Legal Framework for Research Data

What this indicator measures

This indicator assesses the availability and use of standardised frameworks, templates, and procedures for legal tasks within the Organisation or Node. It considers whether legal processes are in place at project initiation, how consistently they are supported, and how prepared staff are required to apply them. Maturity reflects the organisation’s or Node’s ability to handle legal issues proactively through dedicated personnel and well-maintained resources.

Special cases

In some instances, legal services are outsourced or bought in. In this case, the maturity levels are not scored as 1; they can either be evaluated on the level of the umbrella organisation or marked ‘not applicable’.

Maturity levels

Level 1 – Ad hoc and reactive

Legal processes are ad hoc and reactive, with no standardised framework or templates regarding RDM. Legal tasks are handled informally by various departments. Agreements go through minimal review.

  • Reactive: No specific workflows and templates are generated, data stewards and/or legal team become involved only when specifically asked or when there is an immediate need, and it is unclear in what manner to approach those instances.
  • Unplanned: When the need arises, the work is distributed in an extemporaneous manner. It is unclear who to contact for specific questions and where to find the necessary information, templates or RDM support. Employees and researchers struggle to find support in understanding and navigating legal requirements.
  • Inconsistent delivery: The support varies in quality and expertise from case to case, and it remains unclear how to ensure compliance with legislation and policies.

Impact: Slowing down of RDM processes and projects in general, no way to minimise the risk of breaches and potential legal issues.

Level 2 – Emerging, but inconsistent

Standard templates and contractual clauses are being introduced, but not consistently used. The legal department exists but does not yet support project initiation or have fully defined processes for RDM issues.

  • Fragments exist: Pieces of a basic legal framework and RDM templates are preserved, available and referenced
  • Project-driven: Templates and contractual clauses are created as needed for different projects, but are used inconsistently
  • Not maintained: Lack of structure and clarity regarding responsibilities for maintaining and updating these assets as needed
  • Not supported: Lack of support for adoption/use in the organisation
  • Not enforced: No mandatory legal adoption or coordinated follow-up on the institutional level

Impact: First steps towards a more consistent and efficient approach, but fragmented and at risk of commonly referenced assets becoming out of date as legislation and the RDM area develop.

Examples

  • The legal department exists, but does not cover RDM processes due to a missing strategy and lack of standardisation.
  • Legal support is provided by the Organisation or Node on an as-needed basis for the various projects in which the groups are involved.
  • Standard templates and contractual clauses are being introduced, with priority placed on bigger projects where regulatory compliance is critical (for example in cases where human data is involved).

Level 3 – Standardised and structured

The legal framework is well-defined and standardised across the organisation. Dedicated personnel is responsible for supporting the establishment of a legal framework covering RDM requirements. Comprehensive templates exist, along with standardised contractual clauses for RDM issues.

  • Clear framework: A comprehensive legal framework is established and well-defined.
  • Standardised processes: Defined, standardised processes and comprehensive templates are in place, managed by dedicated personnel.
  • Data sensitivity is considered: Legal requirements differentiate between cases based on data types and information sensitivity.
  • Legislative mapping: Relevant legislative standards have been identified and mapped to the legislative frameworks and policies of Organisation or Node.
  • Centralised design: The institutional legal system for RDM is well-designed.
  • Fragmented implementation: Processes remain fragmented within individual faculties, laboratories, and departments.
  • Limited training: Systematic and regular training in this area is not carried out or is limited

Impact: Legislative activities will be more aligned across the organisation due to a clear, standardised institutional legal framework, leading to improved compliance, efficiency and reduced risk or fines, legal disputes and reputational damage.

Level 4 - Optimised and proactive

Continuously improved and optimised legal framework for research data; regularly updated to reflect RDM best practices and regulatory changes. Use of advanced, customizable templates and optimised contractual clauses for RDM issues.

  • Asset management: All legal assets (e.g., policies, templates, agreements) are actively managed, maintained, and updated.
  • Dynamic framework: The legal framework is consistently up-to-date and reliably implemented.
  • Change management: Updates to the framework are communicated through established change management processes.
  • Comprehensive training: Regular, targeted, and mandatory training covers the entire RDM legal lifecycle for all relevant personnel (legal department, data stewards, researchers).
  • Dedicated support: Full support is provided (e.g., ticket systems with progress tracking and defined reaction times, dedicated presonnel).
  • Granular definitions: Comprehensive, data-type-specific definitions for legislative handling requirements are clearly established.

Impact: The legal framework for RDM is continuously optimised and fully integrated across the organisation, ensuring proactive compliance, maximum efficiency, and minimal risk through consistent application and well-supported, highly trained personnel.