Tips about protecting personal data

The new EU General Data Protection Regulation (GDPR) is now in force. This is a good opportunity to refresh how we protect our own data and the data of students, colleagues and others.

Sensitive personal data must be locked away or deleted. Photo: Birgit Sørensen Langvad

This article provides basic rules of thumb and reflects common sense. It does not cover all the rules of the GDPR.

Lock your computer
Everyone should make sure that their computer locks automatically when it is not in use. If this function is not already enabled on your computer, you can find instructions in the article Lås din computer (in Danish).

Five tips for handling personal data
Everyone must from now on follow these five basic guidelines:

  1. Tidy up your emailbox.
  2. Tidy up your personal network drive.
  3. Tidy up your desktop on your computer.
  4. Tidy up your physical desk.
  5. Tidy up your mobile devices.

Note that the GDPR also applies to paper archives, so it is equally important to clean up paper archives. This applies to both TAP and VIP (technical/administrative and academic staff). White bags for material to be shredded can be ordered from "Drift".

Email and other web-based communication
Avoid sending sensitive or confidential personal data over the open internet (email programmes, Snapchat, Messenger or others). In web-based communication with students, as much communication as possible should take place via the student's AU email. Since the department does not always have the student's AU email address, you must delete any sensitive or confidential personal data that a student has sent you from a private address before you send your reply, so that the data is not quoted back over the open internet.

We are not allowed to reply to a student at a private email address with a message that includes the original text of the email if that text contains confidential and/or sensitive information. Confidential and/or sensitive information must be returned via a closed channel or in encrypted form, for example via the student's AU email or via e-boks to the student's public digital mailbox.

You may never encourage students or others to forward personal data through the open internet.

You may send emails with sensitive or confidential personal data as long as you are on a closed network that meets the security requirements. The AU email system meets this requirement, so you are allowed to send email with sensitive or confidential personal data to other persons internally at AU, i.e. persons whose email address ends with au.dk.
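The "ends with au.dk" rule above is easy to get wrong if you automate it, because a plain suffix match also accepts look-alike domains such as fakeau.dk. The following is an added illustration, not AU tooling, of how to check the recipients of an outgoing message against the rule before sending; the exact set of internal subdomains (cs.au.dk and the like) and the sample addresses are assumptions constructed for the example.

```python
from email.utils import getaddresses, parseaddr
from typing import List, Optional

# The internal domain named in the guidance. Treating subdomains such as
# cs.au.dk as internal is an assumption for this example; adjust to your
# own environment.
INTERNAL_DOMAIN = "au.dk"


def domain_of(address: str) -> Optional[str]:
    """Return the lower-cased domain of 'Name <user@host>' or 'user@host',
    or None if the string does not contain an address."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].strip().lower()


def is_internal_address(address: str) -> bool:
    """True only for au.dk itself or a subdomain of it.

    A naive address.endswith("au.dk") would also accept fakeau.dk, and
    checking "au.dk" anywhere in the string would accept au.dk.example.com,
    so the comparison is anchored at the dot boundary of the domain part.
    """
    domain = domain_of(address)
    if domain is None:
        return False
    return domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN)


def external_recipients(header_values: List[str]) -> List[str]:
    """Given the raw To/Cc/Bcc header values of an outgoing message,
    return every recipient address that is outside au.dk. An empty
    result means the message may carry sensitive data under the rule."""
    external = []
    for _, addr in getaddresses(header_values):
        if addr and not is_internal_address(addr):
            external.append(addr)
    return external


if __name__ == "__main__":
    # Constructed sample headers of an outgoing message (not real addresses).
    headers = [
        "Jane Doe <jane@au.dk>, bob@fakeau.dk",   # To
        "eve@au.dk.example.com",                 # Cc
    ]
    outside = external_recipients(headers)
    if outside:
        print("Do not send sensitive data; external recipients:", outside)
    else:
        print("All recipients are internal to au.dk")
```

The check belongs in whatever step you control before the message leaves the system (a send hook, a mail-merge script, a transport rule); it does not replace the signature text and the 30-day deletion rule described below.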

If you send an email containing personal data, you must include the following standard text in your email signature:

“Please note that this email contains personal data. You must ensure that this data cannot be accessed by anyone else without good reason, and that it is deleted immediately when it is no longer required in relation to the purpose for which it was sent.”


Remember: according to the guidelines of the Danish Data Protection Agency, emails containing sensitive or confidential personal data must be deleted from the email system within 30 days of receipt.


Correspondence outside the EU or EEA
When you correspond with colleagues or students outside the EU or EEA, specific requirements apply. You can find useful information about data security and correspondence for researchers here.

You are allowed to handle personal data
It is legitimate for us to handle personal data as part of our tasks. This means that you are still allowed to keep personal data on your drive if the data is relevant to your daily work. For example, it is still legal to hold the CPR numbers of current staff members if you handle their salary payments. However, such information must be deleted from your PC when the staff member is no longer employed.

Storage
Personal data must be stored on the university's network drives, so that it is stored securely and backed up in case of data loss. There are two types of network drive: 1) a personal drive (U) to which only you have access, and 2) a shared drive/folder (O) to which several persons have access. If personal data is stored on a shared drive/folder, make sure that only persons with a legitimate need to access the data have access to that drive/folder.

If in doubt
If you are in doubt as to whether and how you are allowed to handle personal data, help is available. Regarding HR issues, please contact ST HR and GSST. Questions concerning education can be addressed to ST Education. Questions concerning research can be addressed to TTO. In addition, you are always welcome to contact the Data Protection Officer (DPO) at AU, Michal Lund Kristensen.

Useful links 
You can test your knowledge of personal data here.

You can find more information about data protection here.

You can also find information about data protection here.

You can get tips and advice from the Data Protection Agency here (in Danish).