Processing/analysing personal data

What should you pay attention to when using and analysing personal data?

  • You should use and store personal data in a safe digital environment that has been made available by HAN.
  • Safe = e.g., the W: and R: drives, CATS, Alluris, Filesender.
    Unsafe = e.g. Dropbox, Google Docs, WeTransfer.
  • Are you using and analysing sensitive personal data on ethnicity, sexual preference or political or religious opinions, or medical data, biometric data or data on trade union membership? Ensure that as few people as possible have access to these data.
  • Are you bringing in a third party to use and analyse data? Then it is necessary to have a processor agreement between HAN and the third party. If there is no such agreement, you may not use the third party’s services.
  • If you encrypt the data (e.g. by using pseudonyms or anonymising data) and store the key in a separate place, the three points above do not apply, but do be aware that sufficient encryption is by no means a simple matter. It is often possible to trace the data subject using a few non-encrypted details (e.g. combination of year of birth, gender and postcode).