Large quantities of personal and other sensitive data are collected and processed at FH JOANNEUM. The Management are committed to ensuring that this data is properly protected. In order to safeguard the personal data of employees, academic staff, students and research partners, FH JOANNEUM has established a Data Protection Committee (DPC) in addition to the position of a Data Protection and Data Security Officer (DPO).
Data Protection and Data Security Officer (DPO)
FH JOANNEUM is fully aware of the relevance and importance of data protection and data security. In line with this commitment, FH-Prof DI Ewald Graif was appointed as Data Protection and Data Security Officer on 1 September 2017.
Tasks and role of the DPO
Ewald Graif will play a major role in implementing the measures stipulated by the new EU General Data Protection Regulation (EU GDPR), which is due to come into effect on 25 May 2018. In his role as Data Protection Officer he is responsible for monitoring compliance with data protection regulations as well as the strategies implemented by controllers to protect personal data. He serves as the point of contact for the supervisory authority on matters relating to data protection and is also responsible for advising data subjects on all issues related to processing their personal data and exercising their rights.
The implementation of and compliance with data protection provisions rely on the presence of effective measures for ensuring data security. In his position, Ewald Graif is responsible for the related key tasks at FH JOANNEUM, with the aim of raising the status of information security to reflect current security standards.
IT guidelines will be drawn up or adapted as part of an information security process, and regular IT security audits and risk assessments will be conducted. Security measures for risk mitigation will be developed, commissioned and monitored. Recent cyberattacks have highlighted how important it is to be able to react immediately to threats. A corresponding incident response management system needs to be established. Furthermore, measures will be implemented to heighten awareness of the issue of security among students and staff.
The DPC acts as a trust centre when it comes to the use of personal and other sensitive data at FH JOANNEUM. If needed, the DPC stipulates the necessary regulations for the use of student and employee data. In particular, it is the role of the DPC to decide which employee and student data will be collected and evaluated, and to regulate access to this data in accordance with legal provisions, particularly the Austrian Data Protection Act.
The DPC is currently made up of the following members:
Data Protection Officer
a permanent representative of the Staff Council
one person from each group represented in the Teaching Board (heads of degree programmes, lecturers, students)
a member of the Department for Legal Services
a member of Central IT Services
All members of the DPC have equal voting rights. When necessary, additional persons (experts) can also be consulted.
The duties of the DPC include initiating suitable measures for enforcing data security and taking measures to prevent breaches of data protection. The DPC also draws up guidelines on the use of personal and other sensitive data (e.g. in the fields of research and development) at FH JOANNEUM.
The DPC is also a contact point for raising problems related to data protection. A particular concern is to raise awareness of the subject of data protection and security so that every employee and student will act even more responsibly when handling sensitive data.