Personal information is all information relating to a person, which means that, for example, student number, phone number and the like are also personal information. All personal information, whether general or sensitive, must be processed in accordance with GDPR.
That you must process the information in accordance with GDPR means, among other things, that:
- you must have the legal basis to process the information
- you need to reduce the amount of information to a minimum
- you must make sure that the information is correct
- you have to delete information when you no longer need it
- you must treat the information as confidential
Read more about data minimisation, storage limitation, consent, rights of the data subjects’ and much more here.
Below you will find more information about personal data in connection with teaching, and how to take data protection and information security into account when communicating with students. For a general introduction to data protection and information security, you can read more on the main page.