We’ll have to change our routines

The new EU General Data Protection Regulation will enter into force on 25 May, and it will have an impact on the vast majority of employees at AU. Everyone has a responsibility to learn about the new rules, and the new routines and work procedures required.

2018.05.15 | Christina Troelsen

Vice-Dean Søren R. Keiding. (Photo: Anders Trærup/AU Kommunikation)

If you are a researcher working on research projects involving the use of personal data, for example data from population surveys, you are probably aware that you have to take special precautions to manage and protect the personal information securely.

But did you know that emails from colleagues notifying sick leave, applications from colleagues abroad with a CV attached, or emails from students about their exams may contain personal information that means you cannot have them stored in your mailbox after you have finished using them.

"It’s important that all employees can meaningfully continue their research, teaching and administration work after 25 May, but it’s also vital that we all comply with the new rules. The new rules will inevitably influence the way we work, and we’ll have to change our routines," says Søren R. Keiding, ST's representative in the AU data team. He continues:

"Management and administration are working flat out to make sure that all of our processes are in line with the General Data Protection Regulation, and this should make it easier to implement the new routines. But getting rid of old emails, hard drives, archives and piles of paper is a huge task. There’s a number of tips on the website, but basically there’s no other option than to roll up your sleeves and get started with the clean-up task."

Clean up your mailbox

Personal data covers many different types of information, such as name, age, address, telephone number, civil registration number (CPR no.), sickness absence, payroll data, etc. Read more about different types of personal data (full English translation will be available soon).

If you have stored personal data that after 25 May should only be stored in secure systems, it is your personal responsibility to clean up and make sure that the information is deleted, shredded or moved to a secure system. Read more about storing personal data.

It can be very time consuming to go through your mailbox to find out which mails need to be stored elsewhere and which should be deleted because there is no longer any need to store the information. Here are some tips. For example what search words you can use to find emails with personal information.

Avoid having personal data lying around either digitally or in print

You may have to delete documents with personal data locally on your computer, as well as on network drives and external drives such as USB sticks and hard drives. Consider setting up weekly or monthly clean-up routines when you delete everything you don’t really need. Any personal data which you have no legal reason to retain because it is no longer required for the job you’re doing must be deleted immediately and at least by no more than 30 days.

Are you in the habit of printing documents that need to be read carefully? If you are, note that documents containing personal data lying on your physical desk, in an unlocked drawer or hanging on a noticeboard can easily be stolen or lost and they are not being stored securely. Therefore, make sure that printed documents containing personal data are stored securely under lock and key or shredded when you no longer need them.

Make sure that no personal data is stored on your smartphone, tablet and/or laptop, as this may present a security risk if the device is lost or stolen.

Read  5 tips for managing personal data   and learn how to deal with the more stringent rules in the new General Data Protection Regulation after 25 May.


Get help and guidance on data protection on AU's website or see contact information for the relevant contacts.