Handling personal data with care
What should you arrange in advance if you are going to use, store, or share personal data? What is allowed, what is not allowed, and how do you ensure that you comply with Privacy legislation (GDPR) and university rules?
What are personal data?
Information is considered personal data if it says something about a specific person or if this information in combination with other data can be traced to this person. As soon as you are going to 'process' personal data, you have to follow certain rules. On this page you will find what personal data and special personal data are and what we mean by processing personal data.
When are you allowed to query and process data?
Every time you process personal data, it is an invasion of the privacy of the people it concerns. That is why you may only process personal data if there is really no other way. In other words: if you cannot achieve your goal without this data.
What personal data should I handle with care?
In principle, you should handle all personal data with care. However, special personal data (such as someone's race, religion or health) are extra protected by law. The GDPR therefore prohibits the processing of special categories of personal data, but exceptions have been made for certain types of processing.
What are the duties I have to meet at the university?
On this page the most important duties for the organization and its employees are explained. Including the processing register, agreements with third parties and the privacy statement, for the organization and its employees explained.
What if I want to make use of an external party for my classes, research, or business?
If Tilburg University, as the legal controller, engages a company for the processing of personal data, a processing agreement is required. This is a legal obligation under the GDPR.
Who can I contact with my questions about personal data?
Each organizational unit has its own first point of contact for questions relating to privacy and the GDPR.