If you are required to process confidential or secret personal data in an Excel spreadsheet, Word document or other form of document outside the original data processing system:
- Always process the personal data on Aalto University workstations or using services where Aalto University and the service provider have signed the appropriate valid agreements (see the quick guide to classification).
- Never transfer any personal data or registers containing personal data to any personal devices or cloud services.
- If you intend to send confidential or secret personal data by email, encrypt the personal data by using for example the Encrypt button found in the Aalto University Outlook.
- Always use Aalto University’s VPN connection when connecting to any Aalto University services from an external network.
All laptops that are used in Aalto University must have encrypted hard drives. The laptops may contain confidential and secret data from the university’s network drives and user activities, and the laptops must feature an adequate level of protection. The laptops that are managed by IT Services have encrypted hard drives. If you wish to check whether the hard drive of your laptop has been encrypted, contact the IT service desk, servicedesk.aalto.fi
Personal data may be transferred outside the EEA region if the EU Commission has decided that the third country in question can ensure an adequate level of data protection (transfer on the basis of a decision on the adequacy of data protection), by signing an agreement with the recipient using the templates provided by the EU Commission, or to the United States under the so-called Privacy Shield agreement. Further information: The transfer of personal data outside the EEA region.
If any personal data is transferred to an external service provider for processing (e.g. outsourcing or SaaS), a written data processing agreement must be made on the processing of the personal data (see the data processing agreement template).