One-off data processing
Are you handling personal data just once, for instance when taking the minutes of a meeting or organising an employee outing? You do not need to include this use in the data processing register if you stick to the following conditions.
In general, each time personal data is processed, this must be included in the data processing register. However, in certain common cases this is not required:
- taking minutes at a meeting
- preparing a presentation
- planning meetings
- actions that have been approved by the Privacy Service Point
In these cases, make sure:
- you do not store the data for longer than six months
- you process the data using the University’s ICT infrastructure and Microsoft Office
- one person is responsible for the file
- there is only one copy of the file containing the personal data
Try to avoid using extraordinary (sensitive) personal data, for example by recording in your minutes that a person is absent without adding that he or she is ill.
If you want to store the data for longer than six months, or if you want to handle specific personal data, you must ensure that this is recorded in the data processing register.