GDPR concerns also Hanken
GDPR will enhance our individual rights to be informed and gain control on how our personal data is processed and transferred. There must be a legitimate interest or consent to process personal data. Studying or being employed at Hanken is legitimate interest to process personal data, but the data must be protected against data breaches and abuse.
All data which can be used to identify a natural person is personal data. An IP address can be personal data if it can be used for profileration of a person.
Professor Matti Kukkonen has chaired a GDPR group for Hanken to comply with the requirements of the regulation. The group has performed a review on how personal data is processed at Hanken and documented a Data Processing Impact Assement (DPIA) to mitigate risks related to processing of personal data. Hanken has signed Data Processing Agreements (DPA) with subcontractors and ordered an external review from KPMG to ensure compliance with GDPR. Training on data protection has also been provided for staff.
Our GDPR group has also drafted a privacy policy for Hanken, the policy is to be approved and published next week.
GDPR has clauses on transferring personal data to third countries outside EU. The European Commission has approved a framework called Privacy Shield on how US companies can process our personal data. Therefore, our cloud service Office365 is compliant with GDPR.
Hanken has appointed a Data Protection Officer (DPO) to support the organisation and all affiliated persons to Hanken on data protection. Mr, Urpo Kaila, who can be reached though dpo@hanken.fi has been appointed to the position in with a personal part-time agreement. Do not hesitate to contact Urpo if you have questions related to protection of personal data and specially if you become aware or suspect a data breach or abuse of personal data.
There is still much work ahead at Hanken on data protection, but we have already had a good start to protect personal data to comply with the regulation. Future work will focus on protecting personal data in research and education.
Our Data Protection Officer Urpo Kaila can be reached through dpo@hanken.fi