Data protection 

• In matters of data protection at the University of Tartu, consult Senior Specialist of Data Protection Terje Mäesalu: 
  • phone: +372 737 5119.
  • e-mail: terje.maesalu@ut.ee.

What is personal data breach?

• Personal data breach means unlawful or accidental destruction, inaccessibility or unauthorized access and disclosure of data (GDPR art 4 (12)). 

• It is a breach of security requirements, where the cause may be both an accidental  mistake of the employee or an external threat (hackers or cybercrime).

What to do in case of personal data breach? 

• Report the incident immideately, contacting  in the following order: 

1. IT Helpdesk, +372 737 5500.
2. Senior Specialist of Data Protection Terje Mäesalu, +372 5542466.
3. Chief Information Security Officer Risto Rahu, +372 5305 5032.

• Personal data breach may:
  • be harmful to the privacy of persons (eg disclosure, destruction, alteration, including identity theft, financial or property damage, damage to reputation, etc.).
  • endanger the safety of persons.

Rules and requirements 

• Keep informed of the rules of data protection.
• Check Personal data processing.
• Check Rules of administration.
• Check Processing of personal data.
• When necessary, consult Senior Specialist of Data Protection.

Data security 

• Be aware of data you hold in connection with your duties and ensure the security of data.
• If the data given to you to perform a task are no longer needed, delete them from your computer. 

Computer security 

• If you work at university, use the university computer only for the purposes of the university and for processing personal data.
• Do not keep work information on a personal device for longer than necessary for remote work.
• Don't download personal information that contains personal data to your computer.

• When you leave your computer, lock the screen. For Windows PC, hold down the Windows key and tap on the L key.  

• If you work in a place where other people can see what is on your computer screen, we recommend using a privacy filter on your screen. 

• Never leave your laptop unattended or in an unlocked room outside the office. If the device is stolen, immediately inform IT Helpdesk and change your password as soon as possible for security reasons. 

• If you suspect that you may have run a program or opened a document containing malware (unusual error message, disturbing ads, etc.), contact IT Helpdesk immediately. 

Guidelines on cybersecurity 

• When you send an e-mail, select the recipients carefully – check whether all recipients need to be involved (especially when you reply to an e-mail) and whether the recipients' e-mail addresses are correct. 
• Be careful to send the letter to the right addressee.
• If you receive an e-mail from a person or a company you do not know, use caution when opening attachments and web links in the message. If necessary, consult IT Helpdesk. 
• If you receive an e-mail which tells you to update your password, be careful and, if necessary, consult IT Helpdesk. 
• If you have opened a suspicious link, immediately contact IT Helpdesk. 

Workplace/office security 

• If you see a suspicious person on the premises, find out who they are and where they want to go.
• If necessary, inform the UT security service of your suspicions at +372 737 5111. 

What to do in case of cybersecurity incident

• A cybersecurity incident is an unwanted or unexpected information security event or events, which may harm the operations of the organisation or compromise data security. 
• Report the incident as soon as possible, contacting the ITO in the following order: 

1. IT Helpdesk, +372 737 5500.
2. Chief Information Security Officer Risto Rahu, +372 5305 5032.
3. Head of Infrastructure Imre Lall, +372 522 8381.

Raising awareness of cybersecurity 

European Data Protection Board quidelines.

European Data Protection Board