GDPR guidelines for the university's use of social media
Here you can find guidelines for Aarhus University's use of social media with regard to GDPR. The guidelines apply to all AU employees who communicate in a professional context through a site or open/closed group which is administered or owned by a unit at AU.
Sharing information
You may not communicate confidential or sensitive personal data or confidential information on social media.
You may not encourage others to share/send sensitive personal data or confidential information on social media. If you receive unsolicited sensitive personal data or confidential information, you must refer the sender to the correct AU email address for further support and then delete the post/message.
In order to minimise the risk of receiving sensitive personal data and confidential information, you should insert a line about this if using an auto-reply in the Direct Mail function.
A note on the ‘Private Message’ function, e.g. Messenger
Messages received through the Direct Mail function must be deleted as soon as possible when the correspondence is concluded. If the message includes sensitive personal data or confidential information, you must refer the sender to the correct AU email address for further support and then delete the message.
The number of administrators and editors must be limited and justified - this applies to both internal and external partners.
As an administrator, it is your duty to inform your followers and anyone who visits the site/group that you collect personal data. You can do this by providing a link to AU’s privacy policy (or, as a minimum, a link to an AU website that has a link to AU’s privacy policy in the footer) on social media.
Users have a right of access, objection and deletion. For example, as an administrator, it is your duty to delete content based on a user request, if the content concerns the user in question.