Think carefully before sharing anything
Sharing data and documents with colleagues or other organisations can be useful, but it can also entail various risks. You should therefore think carefully before sharing anything, and always ask if you’re not sure whether sharing is permitted.
Information – both about the university and about people – is valuable and deserves to be protected. This is not only the view of the university itself but is actually a legal requirement of the General Data Protection Regulation (GDPR). The university therefore takes security measures to protect this information. If you want to share something, always stop and think: is it desirable, necessary and permitted to give another person access to certain information?
What to look out for?
Personal data
Leiden University is not permitted to simply share personal data with other organisations or individuals: it has to comply with the requirements of the GDPR. You should therefore check:
- What is the purpose of sharing the personal data? Can you only fulfil this purpose by sharing someone’s personal data?
- Do you have a legitimate reason for sharing the personal data? For example, the person whose data you want to share has given their consent for this; or the university has a legal obligation to provide the personal data to the recipient.
- Is there a formal arrangement, such as a data exchange agreement? For example, you may have agreed with another organisation which personal data will be shared and for what purpose.
If your answer to these questions is ‘no’, then sharing the personal data is probably not permitted.
If the answer to one of these questions is ‘yes’, then you should further check: is it necessary to share all the personal data or can you still fulfil the purpose with just some of it?
In doubt or have a question?
Please contact the Privacy Office via privacy@bb.leidenuniv.nl.
Business information
Business information may be sensitive. You should therefore think about the kind of business information you have and what sharing it could mean. Before you share something, always ask yourself:
- Is the information secret or confidential, or do you yourself think it is?
- When you enter employment at the university, you sign a confidentiality agreement. Does sharing this information constitute a breach of that agreement?
- Do you think it is desirable and necessary to share this information?
Based on your answers to these questions, you can make your own assessment of when sharing business information is not permitted.
In doubt or have a question?
Please contact the Security Office via security@bb.leidenuniv.nl.
Dare to ask
If you’re not sure whether you’re permitted to share certain information with an organisation or person, don't hestitate to get in touch with the Privacy or Security Office.
Sharing personal data
Please contact the Privacy Office via privacy@bb.leidenuniv.nl.
Sharing other business information
Please contact the Security Office via security@bb.leidenuniv.nl.