Classification of data

RULE: Classification of data

It is important that information and data are processed correctly and comply with GDPR legislation. This is regardless of whether you are a student or an employee.

  • Therefore, you must classify data and information you are working with.

At AU, we use four different classifications:

  • Public data
  • Internal data
  • Confidential data
  • Sensitive data

Read more about

classification of data

.

RULE: Storage of data

Regardless of classification, data and information must be processed taking into account information security. No matter whether it is in electronic or physical form.

  • Data and information classified as confidential or sensitive must be stored securely.
  • Private devices must not be used for storing or processing information or data classified by AU as confidential or sensitive.

See where you can store different types of information.


TIP: Pseudonymisation and anonymisation of personal data

If you process confidential or sensitive personal data, you must decide whether it should be pseudonymised or anonymised. This also applies to data in physical form such as paper.

  • Personal data is pseudonymised by removing all directly identifying information (e.g. civil reg. no. (CPR no.), name, address, tel. no.) from the data set. A serial number can be added in pseudonymisation that makes it possible to identify the individual person.
  • Anonymisation of personal data means that it is not possible to identify the individual person.

There are different requirements for storing data depending on whether you apply pseudonymisation or anonymisation. Read more about pseydonymisation and anonymisation.