Sustainable living. learning. researching

Med Uni Graz data protection management

The responsibly party for the processing is

 • The legal entity (e.g. Med Uni Graz) in whose interest the processing is carried out and who can dispose of it (data controller),


 • The legal entity (KAGES, external firms, etc.) performing processing activities on behalf of the responsible person (processor),


 • Natural persons (such as employees) who process data as the responsible parties or processors or for  such personal data.



Through the implementation of internal guidelines (guidelines, etc.), strategic and operational processes, as well as an ongoing monitoring and improvement process, the following requirements (rights and obligations) or goals for a data protection management are ensured:

  • Compliance with regulatory compliance (responsibility for the admissibility of data use (Purpose limitation: Collection and processing for specified, explicit and legitimate purposes only), selection of appropriate processors, maintenance of data secrecy, data minimisation, notification, information and disclosure requirements, provision for appropriate data security measures (e.g. retention limit: as soon as possible or pseudonymisation or final removal of the personal reference, etc.)
  • Compliance with rights of the data subjects
  • Obligation to report data breach
  • Duty of proof and accountability (verifiability or documentation of compliance with obligations)
  • Ensuring transparency   
  • Muniverse
  • VMC Moodle
  • Forschungportal
  • MEDonline
  • Library