5th Anniversary of the GDPR

June 5, 2023
[Translate to English:]
[Translate to English:]

Today the General Data Protection Regulation turned five years old! In these five years the world of data protection has changed a lot. The GDPR had and will continue to have a lot of impact on the TU/e as well. We might not realize it, but every single one of us encounters privacy related matters on a day-to-day basis.

So let’s celebrate this 5th anniversary with five privacy facts about the TU/e that are important to remember:

  1. There is always a point of contact for privacy related matters at TU/e. Whether you are an employee or a student, you can always find help when it comes to your privacy related questions.
          Support Staff can contact their Data Domain Controller (DDC). If you don’t know who
          your DDC is, then you can find out here.       
          Scientific Staff can contact their Data Steward (DS) via rdmsupport@tue.nl.
          Students can contact a Privacy Officer from the Privacy Operations team at
  2. ‘POP’ is the name of the privacy awareness campaign at the TU/e. It stands for ‘Protect Our Privacy’, because it’s everyone’s responsibility to handle personal data in a safe way.
  3. The Data Protection Officer (DPO) of the TU/e is named Bart Schellekens. A DPO is an internal supervisor and that is why it is crucial that he can perform his tasks independently. Each year the DPO sends an annual report to the Executive Board and the Supervisory Board. If you want to know more about our DPO or read the annual report, then you can find that here.
  4. There are a lot of questions about privacy that are asked quite often. For these questions the privacy team has made a FAQ with different main themes. If you would like to check this out, then you can find the FAQ here. If your question is not in there, then please don’t hesitate to contact the privacy team at privacy@tue.nl.
  5. A data breach has to be reported as soon as possible. The TU/e only has 72 hours to evaluate if a data breach should be reported to the Dutch supervisor of the GDPR (which is called the ‘Autoriteit Persoonsgegevens’). These 72 hours also include the weekend and public holidays. So, if you encounter something that might be a data breach on Friday, then we have to report the data breach to the Dutch supervisor on Monday at the latest. We only need to report data breaches if they could potentially carry a high risk for the people who are involved, but that means we need enough time to look into the data breach and make an evaluation. So, it really helps if you report a (potential) data breach as soon as you suspect it might be a data breach. Even if you’re unsure, please report it. You can find out more about data breaches and find a link to the form where you can report a data breach here.