Sjekkliste for personvern - Student

Web Content Display

Privacy and data protection checklist

For privacy and personal data to be processed correctly, there are several things you must consider as a student. This page gives you a quick overview and a checklist of the most important things you need to know about privacy at OsloMet.

What do you as a student need to keep in mind? 

Check if personal data is processed; that is, to see whether the information is not sufficiently anonymous after all. Remember that the processing must be anonymous from the time of collection to be considered anonymous, see website for anonymous, anonymised and de-identified information (ansatt.oslomet.no). 

In the assessment 

  • Remember that even how a person walks, a knee with a specific tattoo or other personally identifiable characteristics and voice are personal information.  
  • Make sure that you have a valid legal basis for the processing of the personal data you are to use (consent, agreement or a legal authority). When using consent, see the website about Consent and information letter (ansatt.oslomet.no). Check that the informants have been informed of their rights in the information letter or on websites. Check whether the survey is to be notified to Data Protection services (Sikt) or registered in OsloMet’s overview of the processing of personal data at OsloMet.  
  • Make sure that no more personal information than necessary is collected for the purpose (achieving learning outcomes). There are requirements on data minimization.  
  • Depending on what you plan to research or investigate, there will be guidelines for which methodology you should use and which ethical guidelines you should follow (ansatt.oslomet.no)
  • Has a classification of the personal data been made and is it processed in accordance with OsloMet’s Storage Guide (ansatt.oslomet.no) and other websites about students’ storage and processing of personal data?  
  • Has a risk assessment been made (ansatt.oslomet.no)?  
  • Has it been assessed whether a data privacy impact assessment (DPIA) (ansatt.oslomet.no) is necessary to be carried out? In cases where Data Protection Services (Sikt) is involved, Data Protection Services (Sikt) will assist you with the implementation. In cases where Data Protection Services (Sikt) is not involved, you must contact your supervisor and privacy contact at your faculty who will help you. The Data Protection Officer at OsloMet will then assess the implementation.  
  • Should an agreement be signed that regulates data privacy (ansatt.oslomet.no)?  

Contact your supervisor and, if necessary, privacy contact at your faculty (NO).