The rules governing the processing of personal data do not set any specific requirements concerning security. No requirement is thus made for the persons who process either sensitive or ordinary personal data to have their own office, or that personal data may only be processed electronically.
The general rule is that both the data controller and the data processor must take appropriate technical and organisational security measures on the basis of a specific risk assessment. The assessment may entail that concrete, physical or technical measures must be taken, such as locking up premises and taking other measures to ensure that sensitive data cannot be accessed by unauthorised persons.
Who may view the personal data that I process?
Read more about the security of processing.
The rules for secure storage of personal data are, in principle, the same for digital and physical material. This means that only persons in positions of trust with a legitimate need may have access to the personal data.
When you have finished working with personal data and the result is available in final form, please note that different rules apply. E.g. sensitive personal data in its final form may not be stored in AU’s e-mail and calendar program (Outlook) because it is not intended for the storage of sensitive personal data.
In principle, you have three options:
NOTE! Academic staff must be aware that, in accordance with the “Responsible conduct of research at Aarhus University”, primary data (and thereby sensitive personal data) data MUST be stored for minimum five years after “completion” (i.e. in practice for minimum five years after the most recent publication of new results from a given data set). In this respect, AU is also obliged to make servers, archives etc. available.
As a general rule, you may do as you wish with your own personal data, and therefore it may be kept in e.g. a binder in your office. It is a good idea to mark the binder as ‘Private’.
You may store personal data for as long as necessary for the purpose for which the data was collected. This means that you may store the project description for as long as you are working with it or on the subsequently approved project. After this, it must be deleted. If the project is not approved, and you wish to retain the project description for any later applications, you must make it anonymous so that it does not contain personal data. In the case of sensitive personal data, other rules apply to storage (storage for a maximum of 30 days).
In the case of published articles and reports, these may be retained. If the articles and reports have not yet been published, this will depend on the purpose of storing them.
Documents and receipts containing personal data may only be saved until the settlement has been approved. After this, the documents are stored electronically in the travel expense settlement system and must be deleted from the mailbox and from network drives, etc.
You must send final contracts for research and consulting projects to firstname.lastname@example.org (Technology Transfer Office at AU Research Support and External Relations).
As a general rule, accounting documents must be stored for five years. For specific projects, accounting documents may be required to be stored for longer. If the documents contain information additional to the details entered in REJSUD/Indfak, it is recommended that this information be attached.
Once a document has been scanned and attached to e.g. a travel expense report, it may be discarded. If the scanning proves to be illegible, a solemn declaration will be valid documentation.
Work-related lists may be saved to the shared drive (O drive) with a description of purpose. The lists must be kept up-to-date and must be deleted when they are no longer needed.
Initiatives among colleagues of this nature are voluntary and are deemed to be private. They are therefore not subject to the data protection rules.
It is recommended that the lists clearly state that participation is voluntary. The lists must be kept up-to-date and must be deleted when they are no longer needed. The lists may be saved to the shared drive (O drive) or on the personal drive (U drive).
Requires consent, i.e. the employee must submit the information voluntarily, and the employee must always be able to ask for information to be updated or deleted. Information is only stored for current employees in a secure folder on the O drive.
Must be deleted after typing-in. Payroll has separately informed staff registering hourly pay.
Only necessary information which is relevant to store from a professional point of view may be stored. Must be stored in a secure folder on the O drive. Must be reviewed regularly and updated, for example in relation to employees who have left. Information must be deleted on an ongoing basis when it is no longer relevant.
Information must be saved in a secure folder on the O drive until pay negotiations have been completed. The information is then deleted.
Saved in a secure folder on O drive for as long as there is a real need. The information is then deleted.
An email with information about childcare days can be saved in a secure folder on the O drive until the end of the calendar year (January). The information is then deleted.
The email can be saved in a secure folder on the O drive until the end of the holiday year.
As a rule, the email is deleted after entering information into mitHR. Information may be stored for up to a maximum of 30 days after receipt. If a long-term period of absence due illness is expected (more than 30 days), the email should be sent to HR for record-keeping.