Aalto University Personal Data Policy approved

The policy is binding for the whole university community – staff, students and other members of the university community – on 25 May 2018 onwards, when the EU General Data Protection Regulation (GDPR) takes effect.

The university is a centre for knowledge, learning and research where information is constantly being processed. A large part of this information is related to living people – and is thus their personal data.

According to the Aalto University Code of Conduct, as verified by the Board of Aalto University on 14 June 2017, the university is committed to protecting an individual’s rights and freedoms when their personal data is being processed by the university.

GDPR defines the rights to those who are registered (data subjects) as well as the general rules and obligations for personal data processing. The main principles, responsibilities and procedures that will be followed when personal data is processed at the university are accepted by the personal data policy.

Every person working or studying at the university is obligated to participate in the realization, upkeep and surveillance of data protection, for example by following given guidance and by notifying to the information security team on every detected endangerment of information security or data protection.