General rules

    There are some general rules that you should take into account when handling and processing personal data. You can find them below.

    Never take any personal data out of the institute

    All data should be kept in the designated infrastructure provided by the MPI and should not leave the MPI servers. Please contact helpdesk@mpi.nl if you have any questions about the infrastructure of your department group.

    Never copy any parts of personal data onto external data storage devices

    For example, USB, hard drives, personal laptops, home devices, etc. If for any reason you have to export personal data, contact privacy@mpi.nl.

    Keep personal data locked away

    If you have personal information on paper, this should be kept in a designated locker. Please email privacy@mpi.nl for help.

    Personal data on paper should be destroyed by using a GDPR-proof shredder (black shredder in the basement or room 265 (check settings)). 

    Always use the approved research tools on MaxIntra

    It is also not allowed to put any personal information from participants on insecure websites (like Google). 

    Secure your workplace

    Always lock access to your computer whenever you leave your workspace. Otherwise, anyone who coincidentally passes may be able to view someone's personal data in your workplace (emails, files, etc.). A handy shortcut is to press Windows key + L.

    Never share your keys

    Do not share, lend out, or give your MPI keys to anybody; the keys work as passes. 

    Use BCC instead of CC

    Whenever you send an email message (with privacy-sensitive information) to multiple people, you are sharing personal data (everyone's email address). For this reason, you should use BCC (blind carbon copy) instead of CC to make sure the addressees will not be able to see who else is addressed. This is important when a message contains privacy-sensitive information concerning the members.

    Use secure Wi-Fi networks or VPN

    You can use the highly secured network Eduroam, or our own MPI Wi-Fi network (ask TG). In these networks it is impossible to intercept network traffic as opposed to open Wi-Fi networks elsewhere, many of which are often free of charge but insecure. 

    Should the situation absolutely require you to use such a Wi-Fi network, please always make sure that you use a VPN or other secured connection. Please contact the TG at helpdesk@mpi.nl for help with VPN connections or consult the MaxIntra website for more information. 

    Digital certificate

    Install a digital certificate. The digital certificate (recognisable by a small red ribbon in your email header) acts like a digital ID - it is specifically made for you and serves as verification that the person who is sending the email (you) is indeed that person (you). The certificate works on all devices when using the Outlook app and some other applications and can easily be imported. Please contact helpdesk@mpi.nl if you do not have a certificate yet. 

    Watch out for phishing

    It is getting harder to recognise phishing emails. Please be particularly careful if you are asked to provide financial or other personal data, or where there is any immediate request for information of this sort. NEVER provide personal information, such as account details, through a link in an email message! Digital certificates can help verify who the sender of the email is. If you are not sure if you received a phishing email, contact the TG helpdesk at helpdesk@mpi.nl.

    Store information securely

    Although it is always important to store information securely, it is crucial in the case of personal data. Do not store personal data in Dropbox or on an unencrypted memory stick, hard drive, or laptop computer. OwnCloud, your home drive (K: drive or U: drive) and your workspace folder are examples of secure places in which to store information. Please ensure that only those individuals who, because of their position, need to consult such personal data have access to such a folder. For questions about secure data storage, please contact the TG helpdesk. 

    Encrypt files

    When you encrypt information, no one can access it any longer with the exception of the person who knows the relevant password or code. You can encrypt files using BitLocker and other programmes. Please contact the TG helpdesk for questions.

    Never share your password

    Your password is the key to the information which you have stored. Choose a strong password, do not write it down, and use different passwords for various applications. Never share your password with anyone!

    Delete any data that you do not need anymore right away

    Delete all of the (personal) data that are still in your storage, but that you do not need any longer. This way, you can be certain that no one will be able to access the data anymore.