A-Z Students International Sports, Management and Business (ISMB)

What is (special) personal data?

Personal data means any information which ‘directly or indirectly traces back to a person’.

Examples include your name, date of birth, address and telephone number. Student ID numbers and AUAS email addresses are also considered personal data, as these provide access to other personal data such as a person's date of birth, address, academic results and so on.

The GDPR distinguishes between ‘personal data’ and ‘special personal data’. Special categories of personal data relate to details which are extra-sensitive in nature. These specifically include:

  • Data revealing racial or ethnic origin
  • Political opinions
  • Religious or ideological beliefs
  • Trade union membership
  • Genetic and biometric data used to identify a person
  • Data concerning health
  • Data concerning a person's sexual conduct or sexual orientation
  • Criminal data

The processing of special personal data is prohibited, unless a specific exemption applies or the data subject has given explicit consent for the data to be processed.

Do you process personal data?

If you are going to process details relating to students, employees, alumni or prospective students, then ask yourself the following four questions. This way you can ensure that you handle the personal data with due care as well.

  1. Is it clear to the data subject why I need his/her details?
    Be sure to indicate clearly for what purpose you are processing the data in question and be true to your word. You are not allowed to use data for a different purpose than the one for which it was collected (purpose limitation).
  2. Do I really need all this personal data?
    Do not process more personal details than actually necessary to achieve your purpose (data minimisation).
  3. Must I really keep this personal data?
    Delete the personal data once you no longer need it. Make sure you know when personal data is due to be destroyed or archived (retention reduction).
  4. Have I ensured that this personal data is secure?
    The data you are processing is confidential, so it is essential that it is properly secured. When possible, use central source systems (such as SIS and SAP) to process personal data. If you must distribute personal data outside of the centralised system then you can use the following safe data storage services offered by AUAS: the collaboration and team sites on MijnHvA and the network drives. Data storage services like Dropbox or USB-sticks are not suitable for storing personal data. (data security)

​Read more on the basic principles for processing personal data.

Published by  Legal Affairs 2 July 2018