Aarhus University Seal / Aarhus Universitets segl

How to handle personal data correctly

In relation to sensitive personal data, it can be difficult to determine which mails you should delete and when to delete them – in short, how we as employees of Aarhus University should deal with mails containing this kind of information

2018.10.31 | Susan Hjort Skyum

As a rule of thumb, you should deal with mails containing sensitive personal data immediately – either by filing them in an authorised system designed for this purpose or by deleting them after reading. This is necessary because AU’s email and calendar system is not intended for the storage of sensitive personal data.

Emails containing sensitive personal data must be deleted from your mailbox no later than 30 days after receiving/sending the email.

The university has a policy on how to handle mail containing personal data which you can read here.

Help with automatic deletion

Currently, you need to delete mails containing personal data from your inbox or from the folder ‘Sent Items’ – after which you also need to delete them from the folder ‘Deleted Items’. But after 1 November 2018, a so-called Outlook policy will be implemented in all AU mailboxes which will automatically empty the ‘Deleted Items’ folder every 30 days. You can also create one or more Outlook policies yourself which can help you make sure you remove sensitive personal data from your mailbox.

Important to prioritise mailbox clean-up

Unfortunately, there are no effective digital tools available that can scan your mailbox and find all emails containing sensitive personal data. Cleaning up your mailbox manually can be time-consuming. We encourage you to use your common sense in deciding what to delete, and how much time you spend on cleaning up. Here are 5 tips to help make cleaning up your mailbox easier.

Read more about the General Data Protection Regulation (GDPR) at au.dk/dataprotection.      

Department of Chemistry, Staff