GDPR error? Report it! ‘We’re not here to rap people on the knuckles’
For four years now, the same privacy law has applied throughout the European Union: the General Data Protection Regulation (GDPR). The law also affects our work at the university. As a refresher, we spoke with Privacy Officer Max van Arnhem about privacy in the workplace and what to do if something goes wrong.
As Privacy Officer, Max ensures that we, as a faculty, meet the GDPR requirements. A quick recap: the General Data Protection Regulation (GDPR) is a European law that gives citizens within the European Union rights regarding their personal data. The law gives citizens control over personal information and how it is used.
Control over privacy
That control over privacy is very important according to Max. ‘Privacy is not guaranteed in our digital age. Hackers, tech companies and data brokers are constantly trying to obtain, sell or misuse our data in any way possible,’ he says. ‘As a counter argument, you may sometimes hear that we have nothing to hide, but people only say that until it’s already too late and our entire personal lives are online. Once that has happened, there is no way back. Data is so much easier to publish than it is to delete.’
Handle data responsibly
For faculty staff, the GDPR mainly boils down to handling personal data responsibly. That entails, for example, using BCC instead of the more privacy-sensitive CC when sending data by e-mail. ‘Furthermore, we won’t expect everyone to know the GDPR by heart,’ he adds.
Max also asks lecturers and staff members to pay extra attention to their contact with students. ‘Students are in a learning phase and will make more mistakes. They may view a lecturer or staff member as a confidant. That’s understandable, but, as a teacher or member of staff, make sure you pay attention to what happens afterwards with such confidential information. Don’t send specific information about psychological issues to the exam committee, for example.’
Unnecessary mistakes
According to Max, issues surrounding privacy arise quite often at the faculty, but the most common mistake is not reporting errors in time. That is frustrating, because such issues are easily avoidable. ‘As Privacy Officers, we’re not the police, but the fire brigade. We’re here to put fires out and prevent them,’ he says. That is why he urges staff members to ask for help as soon as possible if something goes wrong with personal data. ‘We’re here to prevent issues from worsening, not to rap anyone on the knuckles.’
Do you have any questions or uncertainties about a privacy-related issue? If so, do not hesitate to reach out to Privacy Officer Max van Arnhem at m.a.van.arnhem@bb.leidenuniv.nl.