Register processing of personal data to the record

A record is an overview of the processing of personal data. 

Pursuant to the rules of the General Data Protection Regulation, Aarhus University (AU) is obligated to maintain a record of all personal data processing activities performed by the university in the role of data controller or data processor.

The purpose of maintaining such a record is to ensure that AU has an overview of all personal data processing activities carried out by AU when AU is either the data controller or the data processor.

The university is also obligated to submit its record to the Danish Data Protection Agency upon the Danish Data Protection Agency’s request, so that the Agency can oversee data controllers and/or data processors.

There are only two formal requirements for the record: it must be written and it must be electronic. These requirements ensure adherence to the principle of accountability: you need written documentation to demonstrate accountability.

As a researcher employed at AU, you are responsible for ensuring that AU meets all data protection obligations in your research project. As an institution, AU is either a data controller or a data processor. However, it's your responsibility as a researcher to ensure an adequate level of data protection in your research project.

If you are responsible for processing personal data in a research project, you must ensure that the project has been registered in AU's record. Register your project using a notification form. 

• Register a research project in which AU is data controller
• Register a biobank or a database in which AU is data controller
• Register a processing of personal data in which AU is data processor

AU's role in your research project depends on how processing of personal data is to take place. Learn more about data protection roles.

As the contact person linked to a registration in the record, as a minimum you have the following obligations towards the record.

You must be able to answer/examine questions about data protection issues in relation to the processing of personal data.

You must inform the Research Data Office using this formular:

• if the processing of personal data that you registered changes. For example, if the number of data subjects changes, or if you include new data sources or other external actors. Remember to state the relevant serial number if the processing of personal data continues for longer than the end date for processing that we have received from you. 
• if you are going to disclose personal data to an external party.

You must contact the Research Data Office at fortegnelse@au.dk:

• It is important that you inform us about what has happened to the data when you stop processing personal data, and if the contact person/contact information changes, for example if:
  • you go on leave, including maternity/paternity leave.
  • your employment at AU ceases.
  • you change jobs internally at AU.

Contact the Research Data Office at fortegnelse@au.dk and ask for a copy of the information that has been registered with you as the contact person. Remember to indicate the serial number you received in the confirmation letter.