If you are the system owner of a system which processes personal data, your system must comply with the rules in the General Data Protection Regulation (GDPR) and the Danish Data Protection Act. In addition to knowledge about the legislation, you must also be familiar with AU’s policies and guidelines in this area. Find more information here.
If you are the system owner of a system that contains personal data which is exchanged with external data processors, a written agreement between AU and the external data processor is required. This may be in connection with operational, hosting or cloud solutions or other purchased consultancy services. Read more about data processing agreements.
AU must have an overview of all personal data processing activities. This information must be gathered in a record of processing activities.
If you are responsible for a new system as system owner, and therefore responsible for a new personal data processing activity, before you start the processing activity you must contact AU’s Data Protection Unit and inform them about the processing activity by writing an email to the following email address: firstname.lastname@example.org.
As a system owner, if you can answer ‘yes’ to at least one of the questions below, you must prepare an impact assessment.
By preparing an impact assessment, you can decide, on an informed basis, whether or not to start the processing of personal data despite the risks identified in the impact assessment.
If you have questions concerning the impact assessment, please contact the data protection officer by email using the following email address: email@example.com.
In some situations, AU is obliged to obtain advance approval from the Danish Data Protection Agency of future processing of personal data. If you have questions, please contact the data protection officer at this email address: firstname.lastname@example.org.
As system owner, you are responsible for ensuring that the system users receive the necessary instructions on how to use the system and information about the rules and obligations connected to the use of the system. You can find additional information under 'Clean-up/updating'.
As system owner, it is relevant to uncover in advance which rights the system in question must be able to comply with. Read more about the rights of data subjects.
As system owner, you are also responsible for ensuring that the system is updated in relation to the personal data which is being processed. This obligation will typically be transferred to the users of the system, and it is therefore important that the users are informed on an regular basis about their tasks and obligations as well as changes in general.
As system owner, you are the primary person and involved if a security breach occurs on your system. Maybe you discover the error yourself, or you are informed by a system user, or you are contacted by a person outside your organisation or by a supplier. When that happens, you must report the security breach by using this form or by contacting the local IT support team.