When, as a webmaster, you publish personal data about others on a website, you are considered as the data processor. This means that you are responsible for assessing whether the information should be publicly available on a website.
It may help to familiarise yourself with how data is classified at AU, so that you know what data you need to be especially careful with. Information about the different types of data.
You are generally allowed to display contact information for AU employees (also researchers), for example, but you must ALWAYS have consent to publish contact information about students. Read more about consent.
However, whether you can publish personal data on a website will always depend on a specific assessment of the data and the purpose for displaying the data. For example, a valid purpose is to give easy access to contact employees by displaying their name, email and telephone number.
Note, however, that an employee may subsequently ask you to delete their personal data. If you upload data about an employee manually, for example without using PURE, you must always keep track of exactly where you have uploaded the personal data.
Therefore, always ask yourself:
Both the assessment of a valid purpose and/or valid consent will always be based on a individual assessment that you alone can make as the data processor.
The website may not contain lists of conference participants, workshop participants etc, if you have not obtained the individual participant’s consent to publish personal data such as name. You need to look through all the websites you are responsible for - both old/archieved and new sites, and remove lists of participants if you do not have consent from the participants.
If the list of participants is going to be published on the website to serve a specific purpose, when you create the event registration form, you must remember to ask for the participants’ consent to let their names appear on the list. Remember to write specifically how long the list will be available on the website.
It is important to know what files you have on your website. If you have not obtained consent, you cannot have files with personal data on your website. In addition, files containing personal data must be deleted when publication of the file is no longer required in relation to the specific purpose.
When deleting files, remember to delete the link to the file as well as the uploaded file. Find guidelines here (ONLY IN DANISH). Please note that several websites may contain links to the same file.
If you collect personal data using a Powermail form on the website, you must do the following:
When you create a list of persons, the list must serve a specific purpose, for example to provide easy access to employees’ contact information.
If the list is an extract from PURE, it does not require additional consent to have the list on the website.
However, consent must be obtained before you can publish other types of lists with personal data, e.g. list of students and others who are not employed at AU, on the website.
YouTube channel owners control the rights to the content displayed on the site. We encourage you to reach out to them directly if you find a video that you'd like to display and/or reference. When displaying a YouTube video in a broadcast or webcast, please provide both an in-screen and verbal attribution by showing the username or real name of the applicable content owner.
Clicking on a YouTube username will take you to the main page of the user's channel. From there, you can use YouTube's on-site messaging system to contact the channel owner, as long as you are logged in to your own Google account. Simply click on the 'About' tab, then select 'Send Message' and fill out the electronic form.