Information Security

Danish

You are here: Information Security Data protection (GDPR) For web editors

For web editors

This website contains useful information for web editors about what you need to be aware of in relation to the General Data Protection Regulation and the information you put on AU’s websites. 

Lists of participants

The website may not contain lists of conference participants, workshop participants etc, if you have not obtained the individual participant’s consent to publish personal data such as name. You need to look through all the websites you are responsible for - both old/archieved and new sites, and remove lists of participants if you do not have consent from the participants.   

If the list of participants is going to be published on the website to serve a specific purpose, when you create the event registration form, you must remember to ask for the participants’ consent to let their names appear on the list. Remember to write specifically how long the list will be available on the website.

Files

It is important to know what files you have on your website. If you have not obtained consent, you cannot have files with personal data on your website. In addition, files containing personal data must be deleted when publication of the file is no longer required in relation to the specific purpose.

When deleting files, remember to delete the link to the file as well as the uploaded file. Find guidelines here (ONLY IN DANISH). Please note that several websites may contain links to the same file.

 

Forms

If you collect personal data using a Powermail form on the website, you must do the following:

  1. Inform users of how the personal data is processed. You can use this standard text:
  2. “By using this form, you accept that Aarhus University stores and processes the personal data you provide to us to [describe the purpose of the collection of personal data]. Your personal data is stored (describe for how long the personal data is stored and whether it is erased/filed after processing). Read more in our privacy policy.”
  3. Ensure that the website is set up so that the data which is exchanged is encrypted (https). Your local IT support can help you to set this up: Find your local web support.
  4. Remember to delete any personal data that may be left in TYPO3, when you no longer have a purpose for storing the data/after 30 days at the latest.

Lists of employees, students etc.

When you create a list of persons, the list must serve a specific purpose, for example to provide easy access to employees’ contact information.

If the list is an extract from PURE, it does not require additional consent to have the list on the website.

However, consent must be obtained before you can publish other types of lists with personal data, e.g. list of students and others who are not employed at AU, on the website.

YouTube videos

YouTube channel owners control the rights to the content displayed on the site. We encourage you to reach out to them directly if you find a video that you'd like to display and/or reference. When displaying a YouTube video in a broadcast or webcast, please provide both an in-screen and verbal attribution by showing the username or real name of the applicable content owner.

Contacting a YouTube channel owner

Clicking on a YouTube username will take you to the main page of the user's channel. From there, you can use YouTube's on-site messaging system to contact the channel owner, as long as you are logged in to your own Google account. Simply click on the 'About' tab, then select 'Send Message' and fill out the electronic form.

Comments on content: 
Webredaktionen, Universitetsledelsens Stab

Revised 28.02.2020