Security
Data Protection Day: are you keeping personal data safe?
Sunday 28 January was the annual European Data Protection Day, which is all about protecting data and the right to privacy. Here at the university we also work in various ways with our own personal data and that of others. But what exactly is this data? And how can you as a member of staff process it safely?
When do we ‘process’ personal data?
All information that is traceable to an individual is personal data. This means that someone is able to use data to identify an individual, also by combining different data sets. For example, contact details such as someone’s home address, email address and phone number, but also student and staff ID numbers and IP addresses.
Essentially, anything you do with personal data is processing. For instance:
- collecting, storing and analysing results from questionnaires where respondents have entered their name, sex and country of origin;
- updating someone’s contact details when they have moved house;
- forwarding a list of names of staff who have registered for a training course.
How can the privacy officers help?
The privacy officers are there to help you as a staff member handle personal data and can advise on compliance with the General Data Protection Regulation (GDPR). It is important to consult them at an early stage if you are going to process personal data, for instance if you are purchasing new software or preparing research proposals. The privacy officers are happy to discuss the potential privacy risks with you and how these can be eliminated. Feel free to ask any questions you may have, from ‘Is this personal data?’ to ‘Do we need to sign a data processing agreement with this supplier?’
Report, even if in doubt
Privacy officers also take the lead in handling requests from people whose personal data has been processed and, of course, in data breaches. Because unfortunately, things can go wrong when processing personal data. Ever sent an email containing personal data to someone who was not supposed to receive it, for example? Always report this immediately to the ISSC Helpdesk! And if you are unsure as to whether something is a data breach, report it to us and we’ll look into it. Better to make ten reports too many than one too few. The privacy officers will be happy to help and will take action if needed.
A quick call with privacy officer Eric van Hoof
Want to find out more about handling personal data, the importance of privacy or the daily work of the privacy officers? Read the interview with privacy officer Eric van Hoof. And if you have any questions about this article or about privacy in general, feel free to mail the privacy officers at privacy@bb.leidenuniv.nl.