Instruction of the Dean of the Faculty of Law of Masaryk University No.
9/2018
ON THE APPLICATION OF THE GDPR RULES AT THE LAW
FACULTY OF MU
(as amended with effect from 7 June 2018)
In accordance with MU Directive No.1/2018 Protection and Processing of Personal
Data and MU Measure No.4/2018 Mapping of Personal Data Processing Processes
and pursuant to Section 28(1) of Act No.111/1998 Coll., on Higher Education
Institutions and on Amendments and Additions to Other Acts (Act on Higher
Education Institutions), as amended (hereinafter referred to as the "Act on Higher
Education Institutions"), I issue this Implementation Guideline for the application of
the GDPR Rules at the Faculty of Law (hereinafter referred to as the "Faculty of
Law").
Article 1 Subject
matter
The subject matter of the regulation is the fulfilment of obligations in the interest of
the protection of personal data, which are considered to be, in particular, name,
address, permanent residence, delivery address, gender, age, date of birth, place of
birth, birth number, personal status, health status, health disadvantage, photographic
record, video record, audio record, e-mail address (especially if it contains, for
example, a name), telephone number - both private and work, IP address, various
identification data issued by the state: Identification number, VAT number, ID card
number, driving licence number, passport number, education, employment income
(wages, salary), pension income, cultural profile.
Article 2
Basic instructions
In order to comply with legal obligations and to strengthen the protection of personal
data, it is essential that employees comply with the following practical measures:
1. To use electronic agendas in MU systems, i.e. IS, INET, EIS/PaMS Magion, EZAK,
which are adapted to the new conditions, as much as possible when working
with personal data, and MU guarantees compliance with the required conditions.
2. Keep and regularly store paper documents containing personal information in a
locked cabinet in the office. Make only the necessary number of copies of such
documents and shred them immediately. (Adjustment of existing furniture is currently
being arranged by the Department of Operations and Building Management.)
3. Regularly shred documents containing personal data, not only in paper form, but
also in the case of documents stored on electronic storage devices, hard drives, flash
drives, etc. In the event of a requirement for secure shredding of paper documents,
notify the Head of Building Management who will arrange for shredding. In the case
of secure shredding of electronic media, forward these marked 'for shredding' to the
Head of CIT. If the materials are to be archived, ask the Faculty Secretary to arrange
for the archiving of the materials. If there is any doubt as to whether archiving or
shredding is to be carried out, contact the Faculty Secretary.
4. Avoid circulation of documents with personal data around the faculty in freely
accessible form, i.e. put documents in envelopes or filing books, do not leave them in
freely accessible places.
5. Regularly dispose of "auxiliary" paper documents in shredding machines located
in the secretariats of the departments and individual divisions of the Dean's Office.
6. Regularly destroy unnecessary and outdated directories/lists with personal data,
both in paper and electronic form. Consult with the faculty secretary on the possible
transfer of directories/lists outside MU.
7. In the case of creating new directories/lists (e.g. of participants in seminars,
conferences, etc.), indicate directly in the directory/list the legal title for its processing.
8. Have passwords set not only on PCs in offices and workrooms, but also on
technology that is entrusted for use (laptops, phones, tablets, etc.). Passwords must
not be disclosed to anyone as a matter of principle.
9. Minimise the use of email and cloud services not provided by MU for sending and
storing personal data.
10. Not to publish photographs or videos of persons in which they may be
recognisable, except under a news licence, or to secure the consent of persons to
publish them. Do not publish photographs that could be perceived as potentially
objectionable by the persons depicted.
11. Use the faculty conference system when organizing conferences and seminars.
Websites for conferences etc. should also be created within the faculty system. The
Faculty is not responsible for the content and maintenance of websites that are
outside its system, even if they are related to the Faculty.
12. Immediately notify the Faculty Secretary of any so-called incident involving a
breach or suspected breach of data governance.
Article 3
Final provisions
1. I delegate the responsibility for monitoring compliance with this instruction to the
Secretary of the MU Faculty of Arts.
2. This instruction shall take effect on 7 June 2018.
Brno, 7 June 2018
doc. JUDr. Markéta Selucká, Ph.D., v. r.,
Dean