The DMP (Data Management Plan) describes the methodology and standards applied for the collection, generation, access, processing, and preservation of data during the RAYUELA project. It also identifies which type of data can be made open access and which one will be kept as confidential, for how long, and who is responsible for maintaining and updating these data. 

The DMP is intended to be a live document throughout the project, with the objective to serve as a guide for project partners and external reviewers that comprehensively addresses all facets of data management, especially sensitive data. The first version of the DMP was presented in the month 6 of the RAYUELA project. This document will be continuously updated over the project lifecycle, as the actions taken with respect to the subject matter covered in each phase or task become more specific. Nevertheless, there are two milestones in the project especially important for the DMP: 

• M18: By this time, the first prototype of the serious game and more information about the pilot studies will be available, so the DMP will be updated according to such an important information. 

• • M36: This final release of the DMP will specify the details on how the project data will be handled once the project is finished. 

In addition, the DMP is complemented by other deliverables of the project. D4.1, D4.2, D4.3, and D4.4 provides further details on data protection. D4.9 and D4.10 provides further details on Open Data considerations. Finally, WP9, D4.6, D4.7, and D4.8 provides further details on the ethical issues related to the project. In particular, D9.3, which is due to month 6 too, includes the list of DPO of all the partners of the consortium and focuses specifically on profiling and data pseudonymization techniques. 

Concerning academic publications and in accordance with the policies under the H2020 program, RAYUELA members must provide open access to all publications generated in the framework of the project. Furthermore, these publications and data will have to be stored in Open Access repositories during and after the life of the project. 

According to the Grant Agreement Number 882828 (European Commission, 2020a), all members must comply with the current data protection regulations (GDPR, 2016). This document establishes a set of guidelines in compliance with the current European regulations, that all project members must follow, however it is the responsibility of each member to apply them correctly. 

The remainder of the document is structured as follows. In Section 2 we present the data taxonomy of the project based on the data questionnaire initially circulated among the whole consortium, where the project data is classified in 7 categories, namely: open content, interviews, police data, language data, game data, feedback from users, and dissemination materials. This information is complemented and updated with the specific data which is planned to be gathered through game (based on WP3). In Section 3 we discuss how the data will be made FAIR (Findable, Accessible, Interoperable, Re-usable). Section 4 presents the DMB (Data Management Board) that has been established to ensure that project data governance and monitoring is a managed process. In particular, Section 4 describes the structure and organization, as well as the main procedures that rules the DMB. Section 5 describes the project data catalogue that has been created following external Ethic Advisors’ suggestion to ensure that there is a single point where all the information about resources and datasets collected during the project is available. In particular, Section 5 provides details on how to access such a data catalogue, its structure, and the procedures that have been defined to keep it running and up-to-date. Section 6 provides an overview of the backend that has been designed to store the data gathered through the game. In Section 7, we describe the allocation of resources for data processing and storage in compliance with current European legislation (GDPR, 2016). In Section 8 we address the security employed to handle sensitive data and the techniques that will be used to pseudonymise such data. Finally, in Section 9 we discuss the ethical aspects of data processing in compliance with current European legislation (GDPR, 2016).