As a responsible actor, Xamk complies with the privacy law in the processing of personal data and observes good data processing practice. We process and protect all personal data appropriately.
To promote data protection work, Xamk has established a data protection group that meets four times a year. Xamk’s management is also represented in the multidisciplinary group of approximately 15 professionals.
Data protection and data security training for the personnel
Xamk provides the staff and students with training that improves their data security and data protection skills, as well as other advice on a variety of topics. The objectives are continuous improvement of the skill level and the incorporation of these skills into everyday work.
In 2019, the personnel took an online course on data protection and data security. In addition, we prepared and updated data protection- and data security-related instructions. We prepared the File storage instructions for the storage and management of work files and the Scientific research privacy statement template to identify and make visible the personal data processing carried out during research studies and projects.
The improvement of data security is a continuous process
At Xamk, we have competent professional data security experts who continuously monitor the data security situation and improve it according to the results. Xamk maintains a high level of technical data security. Our continuous goal is to always improve the ongoing process.
In 2019, we developed an automated reminder of the expiry of passwords, revised the VPN service, developed a single sign-on procedure and tested multi-stage authentication.
We have prepared data security instructions for the staff, students and administrators and for mobile devices. The instructions are checked and updated each year. During major data security threats, we send brief messages to the staff and students, reminding them of good data security practices. The staff are also informed about any e-mail address phishing campaigns.
In 2019, the number of e-mail messages sent from forged employee e-mail addresses increased slightly. Only one serious data security incident was detected during the year, relating to e-mail messages being disclosed to a third party.
Information systems promote security
In 2019, Xamk continued to develop and introduce information systems that promote data security. Use of the Secapp mobile application, intended for communicating about threats and extraordinary situations, was expanded to cover all Xamk campuses.
The availability and reporting features of the online system relating to incident reporting were improved. Different notifications are now directly sent to the persons in charge and corrective action can be taken faster than before. The number of notifications increased by nearly 50 per cent compared with 2018.
Goals for 2020
Our goal for 2020 is to introduce the Inspection requests to the controller operating model, according to which data subjects may exercise their rights specified in the GDPR fully online, using strong electronic authentication. In addition, we aim to harmonise, streamline and describe all the methods and processes of data protection work at Xamk.
Xamk’s Management Team has also appointed a specific data protection group that is responsible for coordinating and promoting the measures relating to the requirements of the Information Management Act that entered into force on 1 January 2020.