Personal Data
This page is being updated. More information will follow.
Data Protection Officer at MF
Ina Nepstad
SIKT
Data Protection Officer
What is a Data Protection Officer?
The data protection officer helps MF safeguard the privacy interests of employees, students, guests, informants in research projects and others whose personal data MF processes.
The data protection officer is the point of contact for individuals who have questions about MF's processing of their personal data, and about how they can have their rights fulfilled according to privacy regulations.
More about the Data Protection Officer
The data protection officer works independently. This means that the officer is not subject to MF's authority to issue instructions when performing their duties.
The duties of the data protection officer are to:
- assist MF with information and advice on MF's processing of personal data, check compliance with privacy legislation and point out any breaches that may be discovered;
- assist individuals whose personal data is registered at MF in safeguarding their rights;
- cooperate with and function as a point of contact for the Norwegian Data Protection Authority;
- upon request, advise on the assessment of consequences for personal privacy and monitor the execution of said assessment.
Deviations in the Processing of Personal Data – Report it!
All employees and students at MF must report deviations that occur in connection with electronic or manual processing of personal data in research, teaching, administration or publication.
Report deviations both by phone and in the online form:
What is personal data?
Personal data is all information and assessments that can be linked to an individual. Typical personal data are name, address, telephone number, e-mail address and national identity number.
What is a deviation?
In this context, a deviation means a breach of personal data security or of MF's internal routines for processing personal data.
A breach of personal data security is "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed."
Examples of deviations
- Delivery errors: letters or e-mails containing personal data sent to the wrong recipients, newsletters sent with the e-mail addresses of all recipients visible, and shipments sent to the correct recipient that by mistake contain protected personal data about other persons.
- Discarded documents that should have been shredded
- Lost, forgotten, or stolen paper documents, USB flash drives with personal data, computers, tablets, phones, etc.
- Accidental publication of personal data
What happens when I report a deviation?
The Director and the IT Director will receive the notification, and appropriate action will be taken to correct the error. MF will also consider whether the breach should be reported to the Norwegian Data Protection Authority.
The Data Protection Authority must be notified within 72 hours "unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons." According to the Data Protection Authority, the general rule is that personal data breaches must be reported to the Authority, and that "the controller must be virtually certain that the breach will not entail or has not entailed any risk for those affected".
MF is the data controller for the personal data processed at MF, and it is therefore MF that is to assess this risk. If it is likely that the breach will entail a high risk to those affected by the breach (the "rights and freedoms" of those affected), MF will also ensure that those affected are notified as soon as possible.