School of Communication and Culture - Staff portal

Dansk

 AU  Staff Departments  School of Communication and Culture IT systems & equipment Information security and data protection (GDPR)

Information security and data protection (GDPR)

Information security

Information security and data protection (GDPR)

As an employee, you must familiarise yourself with AU's policy and guidelines within information security and GDPR (data protection). Among other things, it is important that you as a researcher ensure that you store your files and research data correctly. You can contact Arts IT support if you have any questions about drive/file sharing.

You will find relevant material on information security, appropriate backup of files, etc. at medarbejdere.au.dk/en/informationsecurity.

Read and comply with AU's rules for information security

9 good tips on how to look after information

As an employee and student at Aarhus University, you have a duty to know and comply with the rules for information security below. In addition, you must be familiar with the central information security policy.

Data protection and GDPR

Data protection/GDPR

As mentioned above, it is important to be know the laws and regulations on data protection/GDPR. On this site you will find information on precautions you should take in the different roles in the organisation.

You are expected to complete the online course offered in GDPR within the first 3 months of your employment.

Find information on this page about AU's rules for data processing agreements. Remember that data processing agreements must always be filed in Workzone.

Processing and storing data

See this matrix regarding AU's classification of data

See examples of systems on which you can save the different types of data. Exactly which system you should choose depends on your responsibilities. It may depend on the duty to record and file, functionality, how long the data must be stored, and which system is used for your specific tasks.
Ask your colleagues or your immediate supervisor if you are in doubt.

 

PUBLIC INTERNAL CONFIDENTIAL SENSITIVE
Panopto Yes Yes No No
Workzone Yes Yes Yes Yes
mitHR (HR) Yes Yes Yes Yes
U-drive (personal drive) Yes Yes No* No*
O-drive (shared drive) with limited log safety (standard) Yes Yes Yes No
O-drive (shared drive) with extended log safety (contact IT-support) Yes Yes Yes No*
STADS Yes Yes Yes Yes
TYPO3 Yes No No No
OneDrive Yes  Yes No* No*
Sharepoint Yes Yes No* No*
Outlook Yes Yes No No
Teams + Zoom Yes Yes No* No*
Other online Microsoft services Yes Yes No* No*
Survey-Xact Yes Yes Yes Yes
REDCap Yes Yes Yes Yes
Free Cloud services, e.g. Dropbox or Google drive** Yes No No No

Yes: You are ALLOWED to save/share data here
No: You are NOT ALLOWED to save/share data here
No*: Saving requires that the personal data has been PSEUDONYMISED

**AU has not assessed use of the individual cloud services. Therefore, you must ensure that the use complies with the terms of service that apply to the service in question. Please note that the use of cloud services may entail disclosure and/or a transfer covered by the rules on data protection.

5 good tips for handling personal data

1. Clean up your mailbox

Below are some guidelines for cleaning up your mailbox. Find the category that best matches your situation, and follow the guidelines.

Read about how to handle email as an employee at AU. 

A. I have “no” personal data

You may be a researcher who does not conduct research using personal data, or an employee without personnel responsibility.

Note that, even if you do not work with personal data, you may still have personal data in your mailbox that should be stored elsewhere or deleted, because you are no longer storing the data for a purpose. Search for: 

  • Emails with notification of illness from colleagues: search for illness, child's first day of illness etc.
  • Emails concerning appointment committees: search for application, CV, CPR no. etc.
  • Emails about working hours, including holiday: search for holiday, leave, time off in lieu etc.
  • Emails about salary: search for salary, supplements etc.
  • It is also a good idea to search for emails sent from your HR partner and union representative. 

You are allowed to send and save so-called neutral mails in your inbox.

Neutral mails are defined as mails which include no personal information other than the names of employees referred to in connection with their professional role in a case or project. General or concrete anonymised guides, meeting minutes, course material, general projects, etc.

B. I have some personal data

You may be a researcher who carries out research using a small amount of personal data, an employee with personnel responsibility, a PA or secretary, case officer or union representative.

Consider whether you have personal data in your mailbox that should be stored elsewhere or deleted, because you are no longer storing the data for a purpose. Search for:

  • Emails about hiring, termination of employment, summary dismissal: search for application, CV, CPR no., contract etc.
  • Emails with notifications of illness: search for illness, child's first day of illness etc.
  • Emails about working hours, including holiday: search for holiday, leave, time off in lieu etc.
  • Emails about salary: search for salary, supplements etc.
  • Emails about right of access to documents
  • Emails with extracts of personal data from IT systems and Office applications
  • It is also a good idea to search for emails sent from your HR partner and union representative. 

You are allowed to send and save so-called neutral mails in your inbox.

Neutral mails are defined as mails which include no personal information other than the names of employees referred to in connection with their professional role in a case or project. General or concrete anonymised guides, meeting minutes, course material, general projects, etc.

C. I have a lot of personal data

You may be a researcher who carries out research using a lot of personal data, an employee in the HR or studies administration area, a case officer or system administrator.

Consider whether you have personal data in your mailbox that should be stored elsewhere or deleted, because you are no longer storing the data for a purpose. Search for:  

  • Emails with research data. Has the work using the personal data been completed? Must the personal data be filed?
  • Emails about hiring, termination of employment, summary dismissal: search for application, CV, CPR no., contract etc.
  • Emails with notifications of illness: search for illness, child's first day of illness etc.
  • Emails about working hours, including holiday: search for holiday, leave, time off in lieu etc.
  • Emails about salary: search for salary, supplements etc.
  • Emails about right of access to documents
  • Email about cases: search for case number or keywords such as document fraud, illness, copying, theft etc.
  • Emails with extracts of personal data from IT systems and Office applications
  • It is also a good idea to search for emails sent from your HR partner and union representative. 

You are allowed to send and save so-called neutral mails in your inbox.

Neutral mails are defined as mails which include no personal information other than the names of employees referred to in connection with their professional role in a case or project. General or concrete anonymised guides, meeting minutes, course material, general projects, etc.

2. Clean up network drives

Read about processing and storing personal data

3. Clean up your desktop on your computer

Many of us have the habit of letting the documents we are working with be displayed “temporarily” on the computer's desktop, so that they are easy to open. The problem is that the desktop quickly becomes unmanageable, and that documents with personal data are easy to find if someone gets access to your computer.

  • Do not have any documents with personal data on your desktop, C drive or external drives such as USB flash drives and external hard drives.
  • Make sure that your files have a fixed and secure location from the outset.
  • Always keep your computer locked with a password when you leave it.

        

4. Clean up your physical desk

Do you print documents that need to be read carefully? If you do, please be aware that documents containing personal data lying on your physical desk, in an unlocked drawer or displayed on a noticeboard can easily be stolen or lost.

  • Make sure that printed documents containing personal data that is to be retained are securely locked in a secure archive room.
  • Be sure to shred printed documents with personal data that you no longer use.

5. Clean up your mobile devices

Make sure that no personal data is stored on your smartphone, tablet and/or laptop computer, as this may present a security risk if a device is lost or stolen.

        

TikTok

Rules for use of TikTok on AU devices

AU follows the advice from the national Centre for Cyber Security not to use TikTok on work mobile devices. Below you can read some questions and answers about TikTok.

Visit  AU IT's FAQ on TikTok.

Revised 31.01.2024
-
Anne Hejn Pjengaard