Frequently Asked Questions (FAQ)

Research ethics constitutes a fundamental principle of academic activity at UDC, and ethical evaluation is a key guarantee of quality, responsibility, and rigor in research activity. It is not merely a formal requirement, but a process that helps ensure that research is conducted in accordance with the principles of respect, justice, and social responsibility.

The CEID UDC acts as the evaluating body for research projects and studies that present ethical implications, although the ultimate responsibility for ethical conduct lies with all researchers and with the university community. In any case, research may not begin until a favorable report has been issued by the CEID UDC when ethical evaluation is mandatory. Through this evaluation:

• Free, voluntary, and informed participation is ensured, as well as the adequate understanding by participants of the purpose, procedures, and implications of the study, and the confidentiality and protection of personal data in accordance with current regulations.
• Possible physical, psychological, social, or reputational risks associated with the research are identified, assessed, and minimized, ensuring an appropriate balance between the risks assumed and the expected benefits.
• The methodological quality of the project is strengthened by requiring clarity in the objectives, design, and planned protection measures, while also increasing the scientific and institutional credibility of the results obtained. In many cases, ethical approval is also a necessary requirement for scientific publication, submission to competitive funding calls, and the development of interinstitutional collaborative research.
• Participants, researchers, and the institution itself are protected by providing a framework of legal security and institutional support.

• Clinical studies with pharmaceutical products.
• Clinical studies with medical devices.
• Clinical studies involving surgical procedures.
• Studies using clinical records.
• Studies involving biological samples.
• Epidemiological research.
• In public health, psychological, anthropological, and social research.
• Research involving human participants in the field of Social Sciences.
• Animals, animal samples, and biological material.
• Manipulation of pathogenic microorganisms or biological agents (BA).
• Uses of recombinant DNA technology.
• Handling of infectious material.
• Use of drugs, radiation, and chemical elements with harmful effects on humans, whether proven or not well defined.
• Environmental protection measures.
• Genetic manipulation of plants and animals or research involving genetically modified organisms (GMOs).
• Files and/or databases containing sensitive information.

It is a quality certification that ensures that people’s rights are protected.

• To ensure compliance with international and national standards regarding the protection of human beings and the use of personal information or biological samples of human, animal, or plant origin, or research with biosafety implications.
• To obtain public funding for scientific research.
• It is a requirement for publication in scientific journals.
• It is a requirement for presenting papers at scientific conferences.
• As a higher education institution, it is important to internationalize research, and in order for data to be comparable, research protocols must be evaluated by ethical-scientific committees.

The need for ethical evaluation depends on the type of study and the level of ethical implications involved. The UDC applies the principle of proportionality, meaning that not all studies require a favourable report from the UDC CEID, but all must respect the principles of integrity, confidentiality, and protection of participants.

 In general, the following DO NOT require evaluation or a report from the UDC CEID:

• Theoretical or literature review studies in which no people participate and no personal data are processed.
• Research projects and works based exclusively on secondary data that have already been anonymized (public databases, anonymized statistical archives, public records), provided that there is no possibility of re-identification.
• Studies or works developed within a research line that has already received approval from an ethics committee. In this case, a prior request must include the possibility of conducting different phases of the project or explicitly state that different final degree projects may derive from it.
• Studies that do not use personal data, for example, non-participant observations in public spaces (without interaction or identifiable/sensitive data).

Evaluation by the UDC CEID or another competent body will be mandatory for research projects or works that:

• Use identifiable personal data.
• Are carried out within the field of biomedical research and therefore involve human beings, their biological samples, or their personal data.
• Involve the direct collection of primary data and/or special categories of data (for example, health data, among others) from participants through direct interaction using any technique (questionnaires, interviews, direct observation, recordings, interventions, among others), whether identifiable or anonymous, including those involving vulnerable populations.

The above classifications are indicative. In any case, any researcher may voluntarily request the evaluation of their project or work by the UDC CEID. This may be especially advisable when the publication of results in a scientific journal is expected, as some journals may require a favourable report from an ethics committee as part of the editorial process.

If there is any doubt as to whether a research project or work must be submitted for evaluation by an Ethics Committee, it is recommended to consult the CEID in advance before starting the research at comite.etica@udc.es.

There are several situations in which the CEID UDC will not evaluate a project or research work submitted through the previously indicated procedures:

• Fundamental deficiencies: Reports will not be issued for projects that do not meet the minimum requirements necessary for evaluation. This includes cases where the protocol does not incorporate essential content required by the Committee, or when the research is in an early stage without sufficient development of the state of the art, the methodological design, or the ethical considerations. In such cases, revision and resubmission will be recommended.
• Research already initiated: According to Article 4 of the CEID-UDC Regulations, approved by the Governing Council on 3 April 2018 and amended on 26 September 2019, one of the Committee’s functions is to report on the ethical adequacy of research projects and studies “prior to their implementation” (Art. 4.2.a). Therefore, projects requesting a report for research that has already begun or has been completed without prior evaluation by an Ethics Committee will not be assessed.

In the case of research conducted wholly or partially outside Spain, or involving data collection in other countries, researchers must ensure compliance with the regulations in force in the country where the research activity takes place, without prejudice to the obligations derived from European regulations when applicable.

According to the Resolution of 3 November 2023 (Official Gazette of Galicia, DOG No. 225 of 27/11/23), the CEID-UDC is accredited by the Regional Ministry of Health to evaluate clinical studies, except for research carried out in facilities and using resources of centres belonging to the Galician Public Health System (SPSG), or research involving data from patients or users of the SPSG. Likewise, the evaluation and issuance of opinions on studies involving medicinal products or medical devices fall outside the scope of competence of the CEID-UDC.

In general, a favourable report from an accredited committee in Spain is sufficient. In any case, the study must be notified to the institution where it will be carried out and must have that institution’s approval.

If it is a multicenter project, authorization from the ethics committee of one of the participating centres is sufficient. For example, in the case of collaborative studies between the Universidade da Coruña and public hospitals or other public institutions, if the study has been approved by the hospital’s or the institution’s ethics committee, it will not be necessary for it to be reviewed by this university’s Ethics Committee.

The UDC CEID is a collegiate, interdisciplinary, independent, and consultative body that evaluates and guarantees the appropriateness of the ethical aspects of research and teaching and promotes the scientific and academic integrity of the UDC.

Its main function is to evaluate research projects and works and to report on their ethical, methodological, and legal adequacy before they begin, as well as on academic activities that may involve the participation of individuals, the processing of personal data, access to sensitive information, or any circumstance likely to generate relevant ethical implications. To this end, the CEID UDC verifies that research projects and works comply with current regulations and incorporate the necessary measures to protect participants. In addition, the CEID UDC contributes to promoting an institutional culture of ethics and integrity in research and teaching by providing guidance on academic activities that may involve the participation of individuals, the processing of personal data, access to sensitive information, or any circumstance that may generate significant ethical implications.

The committee’s secretariat acts as a single point of entry and contact with the CEID. If a study is to be submitted for evaluation, the documentation must be sent in accordance with the established requirements.

The UDC CEID carries out an impartial, confidential, and rigorous evaluation of the research projects or works submitted by researchers, who will be provided (where appropriate) with a report on their ethical, methodological, and legal adequacy. This ethical evaluation must be requested before the beginning of any data collection activity or intervention involving participants and must be submitted according to the following stages:

(1) Preparation of the documentation. The researcher must prepare the complete project documentation in a clear, coherent, and sufficient manner to allow a rigorous evaluation of the project’s ethical, methodological, and legal aspects. The documentation usually includes:

• A report or detailed study protocol (objectives, justification, methodology, timetable, research team, etc.) in accordance with the standard UDC CEID template in Spanish, Galician, or English.
• Information sheet, confidentiality commitment, and informed consent document, duly completed, for which a template is also available.
• Data collection instruments (questionnaires, interview guides, scales, forms, etc.).
• Personal data processing and protection plan.
• Institutional authorizations, when applicable.
• Statement of responsibility or specific commitments that may be required.

The documentation must be clear, coherent, and sufficient to allow a rigorous evaluation of the project’s ethical, methodological, and legal aspects.

(2) Formal submission of the application. Together with the protocol and the participant information, the applicant must submit a request for evaluation addressed to the CEID UDC. Once all the documentation is available, the applicant must submit it through the Electronic Application Form available on the UDC CEID website. Incomplete submission or submission with formal deficiencies may give rise to a request for correction before the evaluation begins.

The UDC CEID receives evaluation requests throughout the year, meeting once a month (except in August) to assess applications submitted by the 25th of each month. Applications submitted from the 26th onward will be evaluated in the following month (e.g., if an application is submitted on January 25, it will be evaluated and reported on during February, after the official CEID meeting; if the application is submitted on January 27, it will be evaluated and reported on in March).

(3) Review and evaluation. Applications admitted for processing are assigned for review in accordance with the established internal mechanisms. Depending on the nature and complexity of the project, the evaluation may be carried out through an ordinary review in a collegiate session or, where appropriate, through other procedures provided for in the internal regulations. Decisions are adopted collegially in a formally convened session (see the meeting calendar here), ensuring joint deliberation and proper justification of the decisions. Since deadlines and calendars may change, it is always recommended to verify the updated information before planning the submission of a research project or work for evaluation.

(4) Decision and communication. If modifications are requested, the researcher must submit a revised version responding in detail to the observations made. After each ordinary meeting, and within a maximum of 10 days, the result of the evaluation carried out will be communicated to the applicant. The report issued by the CEID will refer to the applicant’s details, the project title, the identification code, the date of the meeting at which it was evaluated, the classification granted, and the reasons for the decision.

By email (comite.etica@udc.es), a report will be sent to the applicant stating the decision adopted by the committee. This report will be drafted in Galician, except for a favourable one, which will also be prepared in Spanish and English. The report issued may include recommendations or specific conditions that must be fulfilled during the course of the study. The type of response may be:

• Favorable: positively evaluates the ethical aspects of the project.
• Unfavorable, revision required: indicates that there are deficiencies in the applicable ethical requirements and that this non-compliance can be remedied. A period of two months is established to correct the deficiencies and submit the review request through the form.
• Unfavorable: concludes that the project does not meet the applicable ethical requirements and cannot be modified to ensure compliance.
• Exempt from evaluation: indicates that the project does not require evaluation by the UDC CEID.

Research may only begin once a favourable report has been obtained, when ethical evaluation is mandatory. If modifications are requested, the researcher must submit a revised version that responds in detail to the observations made, within a maximum period of two months from the sending of the decision by the UDC CEID.

(5) Follow-up and subsequent modifications. Any substantial modification to the approved project (changes in the sample, instruments, procedure, research team, or data processing) must be communicated to the CEID for assessment.

Likewise, follow-up mechanisms may be established when the nature of the study so requires. When a project evaluated by the CEID is concluded, the principal researcher must formally notify its completion through the designated form. When a project evaluated by the CEID is concluded, the principal researcher must formally notify its completion through the designated form.

The complete processing and evaluation procedure is regulated in the official CEID Evaluation Procedure document. It is recommended that the application be submitted sufficiently in advance of the planned start date of the study.

There is no cost.

The committee holds regular monthly meetings. The meeting calendar is approved by the plenary session of each committee and can be consulted on the website (Meeting schedule)

Approximately one month from the date the file is submitted to the UDC CEID.

The documentation required for ethical assessment by the UDC-CEID can be found on the UDC-CEID website (Templates and guidelines). Generally, the following must be submitted:

(a) A report or detailed study protocol (introduction and justification, objectives and hypotheses/research questions, methodology, timetable, research team, etc.) in accordance with the standard UDC CEID template in Spanish, Galician, or English. In this document, it is recommended that researchers provide their institutional email addresses (not private emails), especially the principal investigator’s.

Likewise, the following information must be included where appropriate:

• For research works and projects submitted to competitive calls or funded by companies or other entities: the complete document submitted to and approved in the call. It shall be included as an annex in the same document.
• For Bachelor’s Final Projects, Master’s Final Projects, and Doctoral Theses: the faculty in which it is carried out, the name of the tutor/supervisor and director, and the Master’s and Doctoral Program to which it is attached. This shall be indicated on the first page after the title.
• For research works and projects drafted in a foreign language: at least a summary in one of the official languages of the UDC.
• Data collection instruments (questionnaires, interview guides, scales, forms, etc.). These shall be included as an annex in the same document.

(b) Information sheet, confidentiality commitment, and informed consent document, duly completed, for which a template is also available. Information must be provided on the study, objectives, methodology, period during which the research will be conducted, expected benefits, voluntary nature of participation, person responsible for the study, freedom to withdraw from the study or revoke authorization to use the data, and data and information processing in accordance with the provisions of the Data Protection Act. In addition:

• If the research project involves work with minors, all researchers must submit a certificate showing they have no prior convictions for sexual offences.
• If the research is carried out in centers or laboratories, authorization from the corresponding responsible person must be provided.

(c) Statement of responsibility or specific commitments that may be required.

In other cases, and depending on the type of research, it is also recommended to include the following as annexes:

• Authorization form from the higher body of the public institutions where information is to be collected (e.g., authorization form addressed to the Faculty of Health Sciences in order to access the field)
• Authorization form from the higher body of the public institutions where information is to be collected (e.g., authorization form addressed to the Faculty of Health Sciences in order to access the field)
• Possible data protection impact assessment
• Personal data processing and protection plan. Template/outline/questionnaire indicating what information is to be collected from participants in the study. It is important not to collect variables that allow participants to be re-identified. In addition, the principle of data minimization established by the General Data Protection Regulation (REGULATION (EU) 679/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016), Articles 5 and 89, must be followed, according to which only the minimum information necessary to achieve the purpose pursued by the study shall be collected and processed.
• Except where materially impossible, the complete documentation for the research work or project shall be submitted in electronic format and, where applicable, the format required by the CEID shall be respected.

Once all the documentation has been submitted by the principal investigator through the CEID Form, the CEID Secretariat checks that all the documentation necessary to carry out the evaluation is included in the application. If this is the case, it will be submitted for evaluation in the next call (provided that submission is made by the 25th of the month). If missing documentation is detected, an email will be sent to the applicant so that it can be corrected as soon as possible. If this is done with sufficient time, the CEID will evaluate it for the next call. If it does not arrive in time, the applicant will have to wait for the following month’s call.

The CEID bases its decisions on internationally recognized ethical principles that guide research involving human participants: respect for the autonomy and dignity of participants, beneficence, non-maleficence, and justice. These principles are reflected in the requirement for free and informed participation, an appropriate assessment of risks and benefits, methodological proportionality, and the effective protection of confidentiality and personal data.

The evaluation is carried out in accordance with the current Spanish and European regulations on research and data protection, as well as the internal regulations of the UDC. In particular, Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation), Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights, as well as any specific provisions applicable depending on the nature of the project (for example, regulations on biomedical research or patient autonomy), are applicable.

In order to ensure transparency and consistency in the evaluation process, the CEID has a specific document on Ethical Evaluation Criteria, which details the aspects analyzed in each application. Among other elements, the following are assessed:

• The scientific and social justification of the project.
• The suitability of the methodological design in relation to the stated objectives.
• The identification and minimization of possible risks for participants.
• The clarity and sufficiency of the information provided in the information sheet.
• The adequacy of the informed consent procedure
• The measures for confidentiality, anonymization, and protection of personal data.
• Additional safeguards in cases involving vulnerable populations.

The selection of participants must be based on scientific criteria and not on reasons of convenience, avoiding both the overexposure of certain groups to risks and their unjustified exclusion from the potential benefits of the research.

This document, available on the institutional website, constitutes an essential reference tool for those wishing to submit a project for ethical evaluation, as it provides guidance on the required standards and facilitates the proper preparation of the documentation.

Once the research work or project for which an evaluation was requested has obtained a favorable report from the UDC CEID, the principal investigator will receive a report in all three languages (Spanish, Galician, and English). If an English report is needed for any of the other decisions adopted by the UDC CEID, you may contact the secretariat (comite.etica@udc.es) and explain your situation.

All ethical standards recommend that researchers request the approval of an ethics committee at the initial stage of the research, when the definitive design of the research has just been decided. The objective is to ensure that, from the outset, all relevant research issues with ethical implications have been considered and adequately resolved. However, incidents occur relatively frequently, or new research objectives emerge that imply changes to the design initially established. In this case, if substantial changes have occurred that imply reconsideration of the ethical implications initially foreseen, it will be necessary to resubmit the research for evaluation so that the UDC Research Ethics Committee can assess the scope of the new decisions adopted and rule on their adequacy in relation to ethical standards.

Ethical research is based on the principles of justice, beneficence, and non-maleficence, with the ultimate objective of ensuring that research provides the greatest possible benefit and avoids, as far as possible, risk to participants. Assessing the benefits or harms that research may generate is not an easy task, but it is necessary to reflect on this and make decisions accordingly.

On the one hand, observing the principle of beneficence incorporates the idea of reciprocity, whereby the participant, while contributing to the research, should also obtain something in return. Beyond the expected benefits that the research may bring to the social group to which they belong, the participant may obtain benefits that may be either financial compensation for the time invested or compensation in less material terms. Participating in research can be a rewarding, educational, therapeutic experience, or it may simply be positive because their opinions and points of view are being heard. As researchers, we must think about what those benefits are and report them (in the informed consent sheet) realistically, so that false expectations are not generated. Another way to provide benefit to participants may also be to return the research results to them, especially if they are allowed the possibility of giving their opinion on them. In this way, not only is their knowledge increased, but participants are also given opportunities to take part. This brings great benefits to social research, not only to reinforce the validity of the results obtained, but also because it promotes a more open and equitable science.

On the other hand, the principle of non-maleficence seeks to prevent research from causing harm to the participant. Although it is true that, in the field of social research, compared with other sciences such as biomedical sciences, the chances of causing physical harm are less likely, research can sometimes be intrusive and may cause suffering to participants. Harm or injury in research can take many forms, come from different sources, and be determined by the topic of the research, the methods, or the environment. It is necessary to reflect on this and, if possible risks are identified, measures must be adopted to minimize the harm and avoid it as far as possible. In addition, the measures adopted must be maintained throughout the research process and, if necessary, extended beyond it.

Traditionally, in the field of research, it has been assumed that all subjects are equal and that, therefore, the possibilities of participation in research are also equal, but this is not the case. Sometimes, within a group of participants, there are social, political, or economic inequalities that may affect equal opportunities to participate in research. In fact, some of the most vulnerable potential participants in research may sometimes be excluded out of a well-intentioned desire to guarantee their protection. For example, it may be considered preferable to avoid having foreign participants who do not speak a language well, or those who have learning difficulties, collaborate in the research, since they may not properly understand what is required of them. It is also common to exclude participants on the grounds of age, because they are very old or very young, with the aim of ensuring their well-being. However, the most current ethical principles encourage inclusive science, since otherwise incomplete or biased results may be produced.

Therefore, when designing the research, it is necessary for the researcher to assess whether all potential participants have been able to collaborate in the research and to define clear and justified inclusion and exclusion criteria. Likewise, the researcher must assess whether the most appropriate methods have been used for equitable participation and, if necessary, the adaptations needed for all potential participants to collaborate in the research under equal conditions must be made. For example, interpreters, easy-to-read documents, or more pauses may be used, among other adaptations.

“Personal data” means any information relating to an identified or identifiable natural person, and such data must be processed in accordance with the rules governing this matter: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD). Anonymous data cannot be associated with a particular individual. Once data are truly anonymous and individuals are no longer identifiable, they cease to fall within the scope of the GDPR.

Not all personal data are the same, and some are considered sensitive or specially protected because they affect the privacy, public freedoms, or fundamental rights of research participants. The European data protection regulation establishes that personal data revealing ethnic or racial origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as data concerning health, sex life, or the sexual orientation of a natural person, fall into this category.

According to the GDPR definition, biometric data are personal data relating to the physical, physiological, or behavioral characteristics of a person that enable or confirm their unique identification. Biometric data are therefore those that enable the identification of a natural person through technical processes that collect information relating to their physical, bodily, or behavioral features, such as facial image, fingerprint, or similar.

Pseudonymization is a data processing technique in which personal identification information (for example, a person’s name) is replaced by a unique identifier that is not connected to their real-world identity, using a code or label. For example, data encryption is a process of pseudonymization. This process transforms personal data in such a way that the resulting data cannot be attributed to a specific data subject without the use of additional information. The General Data Protection Regulation provides for this technique as an alternative to anonymization (when anonymization cannot be carried out) because it reduces risks for data subjects. However, the regulation reminds us that pseudonymized data still constitute personal data and are therefore subject to additional controls. Thus, the additional information (for example, the encryption key) must be kept separately from the pseudonymized data in order to avoid personal identification.

Anonymization is the processing of personal data in such a way that they can no longer be attributed to a data subject, reducing the risk of re-identification below a certain threshold. It is not always possible to reduce the risk of re-identification below a previously defined threshold while at the same time maintaining the usefulness of a dataset for a specific processing purpose. Depending on the context or the nature of the data, re-identification risks may not be sufficiently mitigated. This may happen when the total number of possible individuals (“universe of subjects”) is too small (for example, an anonymous dataset containing only the 705 members of the European Parliament), when the data categories are so different among individuals that it is possible to single them out (for example, the device fingerprint of the systems that accessed a particular website), or when datasets include a high number of demographic attributes or location data. In theory, it might be considered that deleting the encryption key of encrypted data would make them anonymous, but this is not the case. One cannot assume that encrypted data cannot be decrypted simply because it is said that the decryption key has been “deleted” or is “unknown.” Many factors affect the confidentiality of encrypted data, especially in the long term. These include the strength of the encryption algorithm and key, information leaks, implementation problems, the amount of encrypted data, or technological advances (for example, quantum computing).

A person must be designated as responsible for ensuring compliance with all security measures. Remember that all team members are committed to safeguarding the confidentiality of the research’s personal data. The person responsible for data processing is the one who determines the purposes and means of processing personal data.

For data collection and storage, use only the applications that the UDC has available under service contracts at any given time. For example, the tools currently available for creating online forms are Microsoft Forms and Lime Survey, and for cloud data storage, OneDrive.

Secure procedures must be established for access to information and for responding to the person who has provided their data when they wish to exercise their rights. If considered appropriate, passwords may be established to access files containing the most sensitive information. The communication of personal data or information to third parties in telephone calls or emails must be avoided; in the case of storing paper documents, this must be done in secure places.

No. In this case, consent is given by agreeing to answer it. You only need to make sure that the survey is truly anonymous. Remember that there are data that allow people to be identified, so you must be careful about the data requested from the participant. Likewise, you must ensure that the participant receives sufficient and understandable information about the purpose of the research and its anonymous nature. This is especially important in the case of vulnerable participants. The information must be explained with complete clarity so that participants understand what it means to take part in anonymous research. We recommend that, if it is done through an Online Form, downloading the information sheet should be allowed so that it remains available to participants in the future.

You must take into account considerations regarding participation and consent. In relation to participation, first of all, it must be fully justified that the participation of minors is necessary. If the object of study can be addressed in another way, avoiding their participation, it is preferable to avoid it. Going through a procedure is not always harmless and, therefore, minors should only participate when there is no other alternative. For this reason, it is very important to carefully assess the benefits and risks involved for the minor in participating in the research and to consider whether another methodological strategy that avoids participation is possible. You should also carefully assess, depending on the object of study, which research method or technique would be less invasive.

In relation to consent, a distinction must be made between those under and over 14 years of age. If they are under 14, it is necessary to obtain the consent of the parents or legal representatives. If they are between 12 and 14, it is recommended that double consent be requested, that of the parents and that of the minors, because international regulations recognize the right of children over 12 years of age to express their opinion in decisions affecting them. If, on the contrary, the minors participating in the research are 14 years old or older, they may freely give their consent without needing approval from their parents. In both cases, what is required is to prepare informed consent documents written in clear language so that there is no doubt about what type of participation is being requested, what that participation entails, and to clearly detail the benefits and risks involved for them.

It must also be made very clear that they have the right to withdraw whenever they wish, and even to request afterwards that the information they provided not be taken into account. To this end, procedures that are understandable and accessible according to the resources available to minors must be enabled.

Finally, if the research consists of collecting anonymous information, an information sheet must be prepared clearly explaining all aspects of the research and what it means for the information to be collected anonymously. The objective should always be to ensure that communication between researchers and minors does not give rise to misunderstandings or generate false expectations among young participants.

For data storage, use only the applications that the UDC has available under service contracts at any given time. For example, the application currently available for cloud data storage is OneDrive.