Skip to content

Instructions for processing Oamk’s data


Keywords: , , , , , , , , , ,

NB. This is an unofficial translation. Please see the Finnish version for reference.

Please refer to the tables on this page to see where you can store and process data in Oamk, and how you can share data to others. Oamk’s data is classified into three protection levels, depending on who needs to access it. The protection levels are

  1. public material,
  2. internal material, and
  3. confidential material.

In addition, there can also be materials classified as secret, the processing of which is not described on this page.


Data storage and processing: information systems

Service Public  Internal Confidential Limitations
Peppi, basic register allowed allowed allowed NB: No health information!
OAMK Moodle allowed allowed allowed with limitations Verbal feedback can be given to students or collected from students. Moodle also stores exam and other answers returned by students to Moodle.
Oamk’s 365 OneDrive for business, Teams, SharePoint etc. allowed allowed with limitations allowed with limitations Student lists, etc. lists containing name and contact information or academic performance information, are generally shared among the staff in SharePoint (alternatively in OneDrive, but in that case it is worth noting that OneDrive is emptied when the person’s employment ends. See OneDrive instructions). Protected information cannot be accessed with just a link, but the recipient must login to get access.
Intra allowed not allowed not allowed
Viva Engage allowed not allowed not allowed
Public webpages allowed not allowed not allowed
eDuuni allowed allowed not allowed In business cooperation, the tools must be agreed separately.
Dynamics 365 CRM allowed not allowed not allowed
Request tracker allowed allowed not allowed
Youtube allowed not allowed not allowed Hiding the link is not enough to protect data. (You can enter only your own information at your own discretion.)
Reportronic and
Thinking portfolio
allowed allowed with limitations not allowed The work allocation information can be saved.
Remote data processing via VDI or VPN allowed allowed with limitations allowed with limitations As a rule, only with devices provided by the employer. With own devices, the device must be only in the user’s personal use (e.g. not a shared family computer) and security must be taken care of.
Other systems not mentioned here, e.g. joint registers used with other higher education institutions, etc. allowed allowed with limitations allowed with limitations Always check the data protection level of the system you use. from the system administrator or Oamk’s data protection officer.

Data storage and processing: files

Storage Public Internal Confidential Limitations
Storage on the local hard disk of a computer managed by Oamk. allowed allowed allowed with limitations Allowed when encrypted. The user must take care of the backups himself.
Data processing on a computer or mobile device that is not managed by Oamk (e.g. personal home computer) allowed allowed with limitations not allowed The user must take care of the backups himself.
Data on a public computer (e.g. library) allowed with limitations not allowed not allowed Read-only, when login is not required
Home directory (network drive, K drive) allowed allowed with limitations allowed with limitations Personal data is primarily stored in information systems. We recommend O:\personnel folder for shared use
Oamk’s internally shared, protected network drives. allowed allowed with limitations allowed with limitations Personal data is primarily stored in information systems, but e.g. course-specific work lists, which are deleted after the end of the course, can be saved here during the course. Pseudonymisation of data is recommended -> students by student number, not by name and/or social security number.
Common network drives (other than those mentioned above) allowed not allowed not allowed
Saving to Oamk’s phone or tablet (security code in use) allowed not allowed not allowed The user must take care of the backup himself, basically only for temporary use.
USB memory, CD/DVD/Bluray, external hard disk allowed allowed with limitations not allowed Data encryption must be ensured. Store carefully. The user must take care of the backups himself.

Data storage and processing: public cloud services

Cloud service Public Internal Confidential Limitations
Public cloud services (e.g. Google Drive, Trello, Asana, Padlet), linked to your Oamk email allowed allowed with limitations not allowed A certain subject area (e.g. a project) or various workshops. Files are shared with known users only, not by a hidden link. If there is no other option in the collaborative project, e.g. company contact information can be saved. However, not e.g. students’ personal data.
Public cloud services (e.g. Google Drive, Trello, Asana, Padlet), not linked to your Oamk email allowed not allowed not allowed Basically, not used for work.

Sending/sharing data

Tool Public Internal Confidential Limitations
Oamk email allowed allowed allowed with limitations Internal use at Oamk: There is no need to use encryption between Oamk users. Encryption should nbe considered, when sending outside the house.
Basically, instead of sending lists containing personal data, it is recommended to share them from Oamk’s SharePoint or OneDrive. In this way, there are fewer copies of the files.
Oamk email encrypted [salattu] allowed allowed allowed with limitations Transfer of material to a partner with whom there is an agreement on the processing of the material.
Turvaposti.fi allowed with limitations allowed with limitations allowed with limitations Requires a separate paid license.
Funet filesender allowed allowed with limitations not allowed Encrypted files
Letter mail, internal mail allowed allowed with limitations allowed with limitations In a closed envelope
Own, personal email (e.g. gmail) allowed not allowed not allowed Personnel should always use only work e-mail to perform work tasks. Oamk work e-mail may not be forwarded to your own personal e-mail address.

Online survey tools

Tool Public Internal Confidential Limitations
365 Forms allowed allowed with limitations not allowed Care must be taken to ensure that the materials are processed appropriately.
Webropol allowed allowed with limitations allowed with limitations Care must be taken to ensure that the materials are processed appropriately.

Telling about, or showing the material to others

Tool Public Internal Confidential Limitations
Phone allowed allowed with limitations allowed with limitations Identity must be verified, bystanders must not hear.
Online meetings: Teams, Nordunet Zoom or Webex allowed allowed with limitations allowed with limitations Identity must be verified, bystanders must not hear or follow, recordings and screenshots must be taken into account.

Printing materials and destroying papers

Task Public Internal Confidential Limitations
Printing to paper allowed allowed with limitations allowed with limitations Use secure printing only
Destroying papers: regular paper trash can allowed not allowed not allowed
Destroying papers: locked data security trash can allowed allowed allowed

Note! Please take care of the data life cycle: By law, materials containing personal data must be destroyed when they are no longer needed. Information on how long the materials should be kept, should be found in the data archive plan. When the storage period has expired, the data must be deleted.

« Back

This article was published in categories English version available, All instructions, Oamk , for Oamk staff, accessible content and tags , , , , , , , , , , . Add the permalink to your favourites.