The FAQ addresses all user groups across all areas and faculties. There are also FAQs targeted at individual user groups: researchers, lecturers and administrative staff. New questions and answers will continuously be added to the FAQ. Please contact SDU RIO if you did not find the answer.
It is not a requirement, but it is always good practice to ask the presenter if it is okay that you take pictures of him or her, for example in connection with his or her presentation, and publish them.
As a general rule, do not post pictures of the Christmas party online without asking the person in the picture. If you take pictures that you want to post online, think about what is actually in the picture. Pictures that may seem offensive and of an exposing nature, for example, must not be posted online.
If you take pictures under the auspices of SDU, general pictures of the event (e.g. dining) will fall within the university’s activities and can therefore be published without prior consent. However, you should always make sure to meet the duty to inform so that people know that pictures are being taken, for what purpose and for how long they are kept. Make sure that only pictures with justified content are taken (and therefore not at the copier or the bar). Please contact your local GDPR coordinator if you need guidance.
SDU has chosen to move away from the old shared drives and use services such as SharePoint, Onedrive and Nextcloud, where the security is significantly improved compared to the old shared drives in relation to who accesses data. SDU therefore recommends that these services are used for data storage and not the shared drive. There are only few examples where the above cloud solutions cannot be used, which is why the shared drive is not maintained on new equipment. However, based on a justified need and by agreement with SDU IT, you can still get access to a shared drive.
The transition to cloud solutions does not mean that data suddenly disappear. However, you may find that the documents you now store on a shared drive are instead moved to OneDrive. Such a transfer of data will always be communicated by SDU IT, and you do not have to do anything.
Emails sent from internal email addresses (ending with @sdu.dk) to internal email addresses are always encrypted. Therefore, you are welcome to send internal emails with all types of personal information as long as there is a purpose.
As a general rule, you do not send encrypted emails when sending to external email addresses, and you should therefore not send emails containing sensitive or confidential personal information to external addresses. However, there are various options (see instructions here - only available in Danish) for sending encrypted external emails:
- Secure mail mailbox (sikkerpost@sdu.dk)
- E-boks: This method comes in two variants, one where you use your Outlook client directly to send to specific recipients, and another where the email is sent as printing to a printer. The latter is sent via KMD and has the advantage that if persons are exempt from Digital Denmark, the letter can be sent as a paper letter.
- Tunnelmail (a concept of emails sent through an encrypted tunnel): Use the ‘Send Digitalt’ plug-in to check that your email is sent encrypted to external email addresses. Tunnelmail has been set up for the majority of public authorities, and with this plug-in, you can check that an encrypted connection has been established.
If you have any questions, please contact your local information security coordinator or SDU IT.
However, you must always make sure that the duty to inform is met. Among other things, the participants must be informed about the purpose of sharing their information. Feel free to use the template below and insert it in connection with registration for the event/other:
‘Please note that the list of participants and the participants’ email addresses will be shared with the other participants at the [[course/seminar]]. The list will be shared because [[Insert reason, for example: because part of the purpose of the seminar is to create networks between the participants]]. If you do not want your name or contact information to be shared, you can contact [[insert contact person/contact information]]’.
If you are in doubt as to whether you have a valid purpose for sharing the list of participants, you can always contact your local GDPR coordinator for guidance.