See FAQ GDPR index

FAQ privacy and working from home

Which tools can I use for online lectures and/or video conferencing?

The UT has agreements with several parties for the use of conferencing tools.

Please visit this website for possibilities for online lectures. 

Additionally, for other meeting you can safely use the following video conferencing tools with your UT account:

Do you want to use other tools? Ask TELT about the possibilities. Permission must be given before new tools are deployed. Among other things, advice is given based on the privacy considerations.  

Some tools have already received advice on the basis of which use is not permitted within the UT, such as Zoom and Discord.

This answers my question.
YesNo
Thank you for your question
Can I use other tools, such as Zoom and Discord?

You cannot use other tools than mentioned here without permission. Some tools have already received advice on the basis of which use is not permitted within the UT, such as Zoom and Discord.

This answers my question.
YesNo
Thank you for your question
Can I use a private device to send and receive e-mail relating to the University of Twente?

Short answer (explanation below): Yes, but the device must be properly secured. It must be properly password protected, it should not be shared with others and your laptop’s hard disk must be encrypted.

Explanation: Most mail clients store mail, temporarily or not, on your laptop or phone. A password, or pin code, is the first protection if someone steals your device or it gets lost.

If you do not encrypt your hard drive, criminals can still access your data. They can remove the disk from your laptop and connect it to another system. If that disk is encrypted, the data is still inaccessible.

All modern phones encrypt internal storage. With a pin code or password, that data is therefore safe.

If you work with flash drives, we also recommend encrypting them. You lose them more easily than a laptop or phone, and it can also contain sensitive information. LISA recommends Kingston encrypted USB drives or, if you need more storage, the Samsung Portable SSD T3.

Information about encrypting hard drives can be found on our data protection page.
More tips on strong passwords can be found in the 10-step plan.

This answers my question.
YesNo
Thank you for your question
What should I do if I lose my device containing personal details of the University of Twente (through loss or theft)?

You should immediately report this to cert@utwente.nl. Specify whether the hard disk was encrypted and whether the device was properly password protected.

This answers my question.
YesNo
Thank you for your question
What is the difference between anonymization and pseudonymization?

When personal data is pseudonymized, you secure the data in a way that the data is no longer directly retraceable to an individual. Certain elements from the personal data may  be deleted or the data can be coded, in which case the key can be stored in another location. Pseudonymization is a security measure. When personal data is pseudonymized, they are still personal data. The data may no longer be directly retraceable, but indirectly you can still identify an individual with the pseudonymized data. Therefore, you have to comply with the GDPR.

When personal data is anonymized, you can no longer trace back to an individual, even in case you would have additional data. In this case, the data are no longer personal data and the GDPR does not apply.

IMPORTANT NOTE: the anonymizing of personal data is a way of processing personal data; until the moment the data is fully anonymized, it still is personal data. Only after anonymizing, the GDPR no longer applies.

This answers my question.
YesNo
Thank you for your question
How can I anonymize PDF documents?

Be careful when anonymizing PDF documents. Drawing tools, used to draw a box over the sensitive information, don't usually hide the information. These boxes are easily removed to reveal the original information. The University advises to use Acrobat Pro. Acrobat Pro has the Redact tools to remove or redact sensitive images and text. Redacted and removed information will not be retrievable in the saved document.

More information is available on the Adobe site.

This answers my question.
YesNo
Thank you for your question
I want to store personal data securely. Is that possible in the cloud?

The University has agreements with SURFnet for the use of SURFdrive, with Google about the use of G Suite, including Google drive, and with Microsoft for the use of OneDrive for Business. They all comply with the GDPR and can therefore be used for storing data. 

The employee can therefore make a choice from the various solutions, taking into account the reason he wants to use the storage for. In all cases, pay attention to how synchronization is handled. All providers offer the possibility to synchronize files with the workplace. Therefore, that computer must also be adequately secured with, at minimal, encryption of the storage media in and connected to the workplace.

Please note that the above only applies to the G Suite and OneDrive variants for which the university has a contract with Google and Microsoft. If in doubt, do not use it and contact the Service Desk ICT.

You can also use G Suite and OneDrive -the correct variants- for sharing data with third parties. Keep in mind all other requirements for sharing with people outside of our organisation. If you need help, contact the Service Desk ICT.

This answers my question.
YesNo
Thank you for your question
I want to send personal data securely to other parties. Is that possible with a USB stick or do I have to use something else?

We advice against the use of physical media. There is a great risk of losing those media. If that is the case, that will be a data breach. Even if the media is encrypted, there is a chance of a data breach. All this depends on the strength of the password.

An additional problem with the use of physical media is that it is not certain whether the other computer is safe. If it is infected, the media may also be infected, after which the infection is transferred to your computer.

To securely send files to one or more people, we recommend using SURFfilesender. SURFfilesender offers end-to-end encryption and has the possibility to send very large files. Remember to enable encryption when sending a file.

When third parties want to send you a file with personal data, SURFfilesender is also the best choice. If you know the person who wants to send you the data, you can send an invitation via SURFfilesender.

This answers my question.
YesNo
Thank you for your question
Can I use a private device (laptop, phone or tablet) to send and receive e-mail from and to my UT e-mail address?

Short answer (explanation below): Yes, in case:

  • Your device is properly password protected;
  • You don’t share your device with others; and
  • Your hard disk is encrypted.

Explanation:

Password

Most mail clients store mail, temporarily or not, on your device. A password or pin code is the first protection if someone steals your device or it gets lost.

Encryption

If you do not encrypt your laptop’s hard drive, your data can still be accessed. If the disk is encrypted, the data is inaccessible.
All modern phones encrypt internal storage. With a pin code or password, the data is therefore safe.
If you work with flash drives, we also recommend encrypting them. LISA recommends Kingston encrypted USB drives or, if you need more storage, the Samsung Portable SSD T3.

This answers my question.
YesNo
Thank you for your question