Students that process personal data in connection with schoolwork at ITU, including writing papers and carrying out projects, are in most cases considered “private processors”. Therefore, as a rule, such activities falls outside the scope of the GDPR.
However, please remember that personal data is something that we (mostly) borrow from other people and that it can be abused. We therefore ask that you take good care of your own personal data as well as those relating to your fellow student and any other third party – also when using personal data in your papers or projects.
Below you’ll find some valuable knowledge and practical guidelines to consider when you process personal data as a student at ITU.
WHAT IS PERSONAL DATA?
Personal data is any kind of information concerning an identified or identifiable natural person and may include:
• Name, address, phone number, e-mail etc. (regular personal data)
• Information about racial or ethnic origin, political, religious and philosophical beliefs, trade union membership, genetic or health status, sexual orientation and biometric data (sensitive personal data)
• CPR numbers are considered regular personal data but also confidential information. As a rule, you should therefore be more careful when processing these than other regular personal data
“Processing” of personal data” should be interpreted broadly and covers, inter alia, the collection, registration, storage, disclosure and analysis of personal data.
If you process personal data (by gaining access or collecting) e.g. in a project, assignment, master's thesis etc., we recommend you to consider the following 4 main areas:
When you collect personal data to be used in a project etc., it is always advisable to obtain a consent from the individuals that the data relates to.
Personal data should be handled in a safe manner. This means that you must store it in a way that is not available to the public, e.g. at unsecured places.
As a rule, you are only allowed to share personal data if you have a legal basis (e.g. consent) to do so. If the sharing of personal data is part of the project, you must be certain that the people with whom you share the data will handle the data in a safe manner. If it is possible to anonymise the personal data before sharing it, we strongly recommend that you do so.
Delete all personal data when it is no longer necessary for you to keep it. In that regard, please remember that you may not hold on to the data on a “nice-to-have” basis.