Stricter rules on personal data use
The coming data protection regulation (GDPR) tightens the rules regarding the handling and storage of personal data. Targeted efforts are underway to ensure that AU is in compliance with the rules and is able answer all questions. Regular updates on the stricter rules concerning the use of personal data will be provided.
Personal data is used in many different areas of the university and in many different ways, so the new data protection rules will give rise to numerous questions. Do I need to register my research project? How long can I store emails containing names and social security (cpr) numbers? Do I need to sign a data processing agreement? What is the procedure for registering academic papers containing personal data? These are some of the questions that will arise as a result of the new general data protection regulation. The new rules will have consequences for research projects using personal data, and for the administration of research and education.
In broad terms, this means that current personal data legislation, which has been in place since 2000, will be replaced by the new general data protection regulation on May 25, 2018. Personal data rules will be tightened to ensure that personal data is handled, stored and processed in a more secure manner. The aim is to make it easy for individuals to get information about their own data, and about the way this data is processed by others. To emphasise the importance of the protection of personal data, the university may be fined if we fail to comply with the stricter rules.
Get answers to your questions
At www.au.dk/dataprotection you can read more about the rules and guidelines regarding data protection. Including answers to:
- Do I need to register my research project?
- How long can I store emails containing names and social security (cpr) numbers? And how should I generally handle emails containing personal data?
- How do I/we enter into a data processing agreement?
If you don’t find the answer to your data protection questions here, feel free to contact AU’s data team. You will find their contact information on the website.
Stay informed
www.au.dk/dataprotection will be updated regularly, and information will be sent directly to employees. We encourage you to stay informed the new rules for the protection of personal data. If you have any questions, contact your immediate supervisor or contact AU’s data team
Focused work is in full swing
A series of working groups have been set up on two tracks, an academic track and an administrative track. In brief, the groups will map how personal data is currently handled, processed and stored at the university and how AU can ensure compliance with the stricter data protection rules in the future. The working groups will also focus on how employee knowledge of the rules about personal data and data protection can be increased.
AU appoints a data protection officer
On March 1, Michal Lund Kristensen took up the position of new data protection officer (DPO) at Aarhus University. He will advise data controllers and help ensure that AU complies with the stricter rules on data protection. Michal Lund Kristensen has many years’ experience with data protection and personal data legislation, and as DPO will confer directly with the university’s senior management team.