Privacy concerns information about people. This includes any information that can be traced directly or indirectly to a natural person, for example a person’s name, identification number, phone number, location data (also digital), assessments, ethnicity, religion, health and biometric data.
The protection of privacy aims to secure personal information and protect individuals’ private lives. The persons in question here are all those parties connected in some way to the University of Twente. This includes not only staff, students, guests, visitors and external relations (hired/outsourced), but also people whose personal information is processed by the University of Twente, such as participants in scientific research.
Personal information is highly confidential, and thus privacy is a distinct component of information security. Specific requirements and obligations have been established to protect personal information above and beyond those that apply to other forms of information.
All data registrations of personal information must be recorded across the University of Twente. These registrations (systems, forms) are referred to as ‘processing’. The responsible owner of the registration must report the processing to the DPO team. Processing in the course of scientific research also falls under this obligation. In that case, the research scientist is the processing owner.
The DPO team draws up a processing overview. The PCP of the faculty or service department can assist with processing registration. A registration tool is available to make it easier for the custodian to comply with the statutory requirements set for this purpose.