5 tips for handling personal data

1. Clean up your mailbox

Read about how to handle email as an employee at AU. 

As an employee, you are responsible for ensuring that you do not have any personal data in your mailbox that should not be there. According the Danish Data Protection Agency, emails with sensitive and/or confidential personal data must be deleted within 30 days the latest. 

It can be time-consuming to review all the emails in your mailbox to find out which ones need to be deleted. Below are some guidelines for cleaning up your mailbox. Find the category that best matches your situation, and follow the guidelines.

Are you responsible for a function related mailbox, you must also ensure that you do not have any personal data that should not be there.  

How to find an email with Instant Search in Outlook. 


A. I have “no” personal data

You may be a researcher who does not conduct research using personal data, or an employee without personnel responsibility.

Note that, even if you do not work with personal data, you may still have personal data in your mailbox that should be stored elsewhere or deleted, because you are no longer storing the data for a purpose. Search for: 

  • Emails with notification of illness from colleagues: search for illness, child's first day of illness etc.
  • Emails concerning appointment committees: search for application, CV, CPR no. etc.
  • Emails about working hours, including holiday: search for holiday, leave, time off in lieu etc.
  • Emails about salary: search for salary, supplements etc.
  • It is also a good idea to search for emails sent from your HR partner and union representative. 

B. I have some personal data

You may be a researcher who carries out research using a small amount of personal data, an employee with personnel responsibility, a PA or secretary, case officer or union representative.

Consider whether you have personal data in your mailbox that should be stored elsewhere or deleted, because you are no longer storing the data for a purpose. Search for:

  • Emails about hiring, termination of employment, summary dismissal: search for application, CV, CPR no., contract etc.
  • Emails with notifications of illness: search for illness, child's first day of illness etc.
  • Emails about working hours, including holiday: search for holiday, leave, time off in lieu etc.
  • Emails about salary: search for salary, supplements etc.
  • Emails about right of access to documents
  • Emails with extracts of personal data from IT systems and Office applications
  • It is also a good idea to search for emails sent from your HR partner and union representative.   

C. I have a lot of personal data

You may be a researcher who carries out research using a lot of personal data, an employee in the HR or studies administration area, a case officer or system administrator.

Consider whether you have personal data in your mailbox that should be stored elsewhere or deleted, because you are no longer storing the data for a purpose. Search for:  

  • Emails with research data. Has the work using the personal data been completed? Must the personal data be filed?
  • Emails about hiring, termination of employment, summary dismissal: search for application, CV, CPR no., contract etc.
  • Emails with notifications of illness: search for illness, child's first day of illness etc.
  • Emails about working hours, including holiday: search for holiday, leave, time off in lieu etc.
  • Emails about salary: search for salary, supplements etc.
  • Emails about right of access to documents
  • Email about cases: search for case number or keywords such as document fraud, illness, copying, theft etc.
  • Emails with extracts of personal data from IT systems and Office applications
  • It is also a good idea to search for emails sent from your HR partner and union representative.   

2. Clean up network drives

Read about the rules for the storage of personal data.

  • You are allowed to store personal data on the network drive, as long as you are working with the personal data and have a legal reason to retain the personal data. 
  • Do not have any documents with personal data on your desktop, C drive or external drives such as USB flash drives and external hard drives.
  • Consider setting up weekly or monthly clean-up routines whereby you delete anything for which there is no actual need. Any sensitive and/or confidential personal data which you have no legal reason to retain must be deleted immediately and after no later than 30 days.
  • There are freeware programs, such as File Locator Pro Lite, that you can use to scan files on a network drive and find specific words (search for e.g. CPR no., application, CV).

3. Clean up your desktop on your computer

Do you save documents on the desktop of your computer?

Many of us have the habit of letting the documents we are working with be displayed “temporarily” on the computer's desktop, so that they are easy to open. The problem is that the desktop quickly becomes unmanageable, and that documents with personal data are easy to find if someone gets access to your computer.

  • Do not have any documents with personal data on your desktop, C drive or external drives such as USB flash drives and external hard drives.
  • Make sure that your files have a fixed and secure location from the outset.
  • There are freeware programs, such as File Locator Pro Lite, that you can use to scan files on a network drive and find specific words (search for e.g. CPR no., application, CV).
  • Consider setting up weekly or monthly clean-up routines whereby you delete anything for which there is no actual need. Any personal data which you have no legal reason to retain must be deleted immediately and after no later than 30 days.
  • Always keep your computer locked with a password when you leave it.

        

4. Clean up your physical desk

Do you print documents that need to be read carefully? If you do, please be aware that documents containing personal data lying on your physical desk, in an unlocked drawer or displayed on a noticeboard can easily be stolen or lost.

  • Make sure that printed documents containing personal data that is to be retained are securely locked in a secure archive room.
  • Be sure to shred printed documents with personal data that you no longer use.

5. Clean up your mobile devices

Make sure that no personal data is stored on your smartphone, tablet and/or laptop computer, as this may present a security risk if a device is lost or stolen.