Minutes: Workshop III - Data protection in student self-administration

Contact

FSR WiRe

Student council Economics and Law

Participant mobile phone 01747588941

@fsr_wire_uol

Ammerländer Heerstraße 114-118
D-26129 Oldenburg

A05 1-156

Minutes: Workshop III - Data protection in student self-administration

Data protection in student self-administration

University of Paderborn, Moritz Bunse

The basics

  • Why data protection
    • to protect personal data
  • Does every FS need a data protection coordinator?
    • Depends on whether prescribed
    • one person, or centralised solution
    • UNI is not considered a third party (in NRW), could be different in other Federal States

GDPR

Implementation

  • Documentation of all processes
  • audits
  • Are personal data mentioned?
  • Deletion periods, must something be removed?
  • What protective measures are in place
  • Perfectionism not achievable, always room for improvement
  • Legal basis
  • Limesurvey, Forms

Implementation in the Student council

  • Sample processes that are customised
  • Two types of processes must be in place
    • Counselling
    • Registration for events
  • Restricting the use of third-party email providers in student self-administration

Tips & tricks

  • Check Web.de/Gmx/GMail etc. as a third-party provider (whether data is forwarded, including PDFs in attachments)
  • Scan function of third-party providers cannot be restricted, therefore check which data is shared, handle data sparingly (IP addresses can also constitute personal data)
  • Only collect necessary data, delete/anonymise in good time after an event has been decided
  • It is best to install an AVV/tracking banner (active) or switch it off
  • Google Fonts data protection violations
  • Data protection violations can be expensive!
  • Cookie notice, other Umatrix
  • Prevent forwarding to private emails
  • Use internal email addresses (data availability, short official channels, data security)
  • Internal teams (data protection compliant, data only to EU servers)

Discussion

  • Use Wordpress to create the website, use tools to analyse, ask providers about the processing of personal data
  • Who is responsible if the FSR commits a data protection breach (in P the elected members of the FSR)
  • There must be a legal basis for storing the data to ensure that everything is compliant Consult a lawyer in the last instance (expensive, but safe)

Delete chat messages after a certain time (teams)

  • Rather stricter than laxer, if in doubt use internal university providers
  • Never use Whatsapp as the only communication channel (similar with other social media providers)
  • What about sharing pictures?
    • Signs (plenty), inform that pictures are taken and shared, distinguish whether a public event or internal
    • Also point this out in presentations, e.g. in the O-week
    • When selling tickets online, install an active click function to agree to this
    • If there is an explicit request to delete an image, this must be deleted everywhere
    • Doodle not good
Internetkoordinator (Changed: 11 Feb 2026)  Kurz-URL:Shortlink: https://uol.de/p95008en
Zum Seitananfang scrollen Scroll to the top of the page

This page contains automatically translated content.