public:data_protection:instructions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
Next revisionBoth sides next revision
public:data_protection:instructions [2018-07-16 18:03] veselypublic:data_protection:instructions [2020-04-30 07:38] vesely
Line 1: Line 1:
-====== The Economics Institute GDPR instructions ======+====== The Economics Institute GDPR instructions - Translation ====== 
 + 
 +----
  
 Česká verze //Pokynů// týkajících se ochrany osobních údajů je k dispozici na stránce [[https://cz.cerge-ei.cz/o-cerge-ei/ochrana-osobnich-udaju-pokyny|https://cz.cerge-ei.cz/o-cerge-ei/ochrana-osobnich-udaju-pokyny]] Česká verze //Pokynů// týkajících se ochrany osobních údajů je k dispozici na stránce [[https://cz.cerge-ei.cz/o-cerge-ei/ochrana-osobnich-udaju-pokyny|https://cz.cerge-ei.cz/o-cerge-ei/ochrana-osobnich-udaju-pokyny]]
Line 8: Line 10:
  
 ---- ----
 +
 +===== Instruction no. 4 – Addressing multiple recipients in emails =====
 +
 +In the case of **sending an email to the private addresses of __multiple recipients__, it is strongly recommended to put their email addresses into the Bcc: address field ** (Blind carbon copy) only. Using the To: or Cc: fields exposes their private email addresses to the other recipients and violates privacy principles (a private email address is considered to be personal data).
 +
 +This instruction does not apply to situations where recipient addresses are their working emails (no matter whether an internal or third party) or communication participants obviously know each other.
  
 ===== Instruction no. 3 – Using private e-mail addresses in work communication ===== ===== Instruction no. 3 – Using private e-mail addresses in work communication =====
  
-For the purpose of work communication within the Economics Institute (EI) or towards third parties, EI employees may use only their work e-mail addresses with the cerge-ei.cz (or ei.cas.cz) domain. The GDPR does not permit the use personal e-mail addresses for any type of work communication including communication with students.+**For the purpose of work communication within the Economics Institute (EI) or towards third parties, EI employees may use __only__ their work e-mail addresses with the cerge-ei.cz (or ei.cas.cz) domain.** The GDPR does not permit the use personal e-mail addresses for any type of work communication including communication with students.
  
 As an exception, EI employees may use e-mail addresses from other official domains for the purpose of work communication related to their EI work agendas when they are employees of any of the following organizations associated with the domains: Charles University, the Czech Academy of Sciences (including their joint workplaces), university/faculty hospitals, CESNET, or official domains of other universities and public research institutions. As an exception, EI employees may use e-mail addresses from other official domains for the purpose of work communication related to their EI work agendas when they are employees of any of the following organizations associated with the domains: Charles University, the Czech Academy of Sciences (including their joint workplaces), university/faculty hospitals, CESNET, or official domains of other universities and public research institutions.
Line 19: Line 27:
 The above instructions do not address the placement of e-mail accounts of third-party recipients. The above instructions do not address the placement of e-mail accounts of third-party recipients.
  
-As always, the e-mail content may only include personal data that do not influence the recipient or that were originally included in the communication by the recipient. \\ +As always, the e-mail content may only include personal data that do not influence the recipient or that were originally included in the communication by the recipient.
-----+
  
 ===== Instruction no. 2 – Publishing of students/alumni lists ===== ===== Instruction no. 2 – Publishing of students/alumni lists =====
Line 27: Line 34:
  
 Gained consent may be used in accordance with its specific purpose only. It must be specific and ‘individual’ so that you get separate consent for separate things. Gained consent may be used in accordance with its specific purpose only. It must be specific and ‘individual’ so that you get separate consent for separate things.
- 
----- 
  
 ===== Instruction no. 1 – Reporting a Lost Device ===== ===== Instruction no. 1 – Reporting a Lost Device =====
  
 \\ \\
-**Any lost or stolen electronic/data device must be reported** to the GDPR primary contact person at [[helpdesk@cerge-ei.cz?subject=[GDPR] Reporting of Lost Device|]], either by the affected employee/student or his/her superior. The incident will be analyzed and appropriate remedies assessed. CERGE-EI is obliged to document and assess such incidents and report on them to the Data Protection Office (ÚOOÚ) or other subjects involved in the incident.+**Any lost or stolen electronic/data device must be reported** to the GDPR primary contact person at [[helpdesk@cerge-ei.cz?subject=[GDPR] Reporting of Lost Device|helpdesk@cerge-ei.cz?subject=[GDPR] Reporting of Lost Device]], either by the affected employee/student or his/her superior. The incident will be analyzed and appropriate remedies assessed. CERGE-EI is obliged to document and assess such incidents and report on them to the Data Protection Office (ÚOOÚ) or other subjects involved in the incident.
  
 This instruction concerns any device containing personal data which might conceivably be lost or stolen or containing passwords, the stealing of which might lead to personal data loss (typically PCs, laptops, portable devices including tablets and mobile phones, external data drives and cards, etc.). Personal data include, e.g. students’ seminar papers, seminar attendance lists, students’ grades, personal information contained in research data files, etc. This instruction concerns any device containing personal data which might conceivably be lost or stolen or containing passwords, the stealing of which might lead to personal data loss (typically PCs, laptops, portable devices including tablets and mobile phones, external data drives and cards, etc.). Personal data include, e.g. students’ seminar papers, seminar attendance lists, students’ grades, personal information contained in research data files, etc.
  • /var/www/html/dokuwiki/data/pages/public/data_protection/instructions.txt
  • Last modified: 2020-04-30 08:23
  • by vesely