Read out

Data Protection Officer of WU

WU has ap­poin­ted Georg Fell­ner, an at­tor­ney with bkp Recht­sanwälte, as the WU Data Pro­tec­tion Of­ficer.

The Data Pro­tec­tion Of­ficer’s re­spons­ib­il­it­ies in­clude:

  • Rep­res­ent­ing WU to the out­side in his role as Data Pro­tec­tion Of­ficer

  • In­vest­ig­at­ing, doc­u­ment­ing, and re­port­ing any data pro­tec­tion vi­ol­a­tions or misuse of data

  • Re­view­ing com­pli­ance with data pro­tec­tion reg­u­la­tions and data pro­tec­tion meas­ures in place at WU

  • Re­port­ing to the Rector’s Coun­cil (on an an­nual basis)

  • Draft­ing state­ments in spe­cific cases, after con­sulta­tion with the Rector’s Coun­cil

  • Provid­ing train­ing and in­creas­ing aware­ness for em­ploy­ees in­volved with data pro­cessing

  • Co­oper­at­ing with the Aus­trian Data Pro­tec­tion Au­thor­ity

  • Con­sult­ing in the con­text of data pro­tec­tion im­pact assess­ment and su­per­vising its im­ple­ment­a­tion

As be­fore, gen­eral data pro­tec­tion is­sues will be handled by Kath­ar­ina Ham­mer and Mar­tina Wolken­steiner in the Legal Af­fairs Of­fice. They are also re­spons­ible for co­ordin­a­tion with the Data Pro­tec­tion Of­ficer. Re­spons­ib­il­ity for the tech­nical im­ple­ment­a­tion of data pro­tec­tion meas­ures re­mains with IT-SER­VICES (con­tact: Karl Lan­gen­ber­ger).

If you have any gen­eral ques­tions on data pro­tec­tion laws, please con­tact: datens­

To con­tact the Data Pro­tec­tion Of­ficer, please write to: datens­chutz­beau­ftragter­

Pro­ced­ure in the event of a per­sonal data breach

Article 4 item 12 of the EU Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR) defines a “per­sonal data breach” as “a breach of se­cur­ity lead­ing to the ac­ci­dental or un­law­ful de­struc­tion, loss, al­ter­a­tion, un­au­thor­ized dis­clos­ure of, or ac­cess to, per­sonal data trans­mit­ted, stored or other­wise pro­cessed.”

To be pre­pared for such an even­tu­al­ity, WU has defined a pro­ced­ure to im­ple­ment in the event of a per­sonal data breach. Regard­less of whether a per­sonal data breach has been de­tec­ted or is only sus­pec­ted, the fol­low­ing pro­ced­ure ap­plies:

  1. The in­di­vidual who has learned of an ac­tual, sus­pec­ted, or possible data breach (here­in­after re­ferred to as “the in­cid­ent”) shall in­form their su­per­visor im­me­di­ately; if the in­di­vidual’s su­per­visor is un­avail­able, the in­di­vidual shall con­tact the Data Pro­tec­tion Of­ficer and the Legal Af­fairs Of­fice and provide them with all avail­able in­form­a­tion re­lat­ing to the in­cid­ent.

  2. The su­per­visor shall con­tact the WU Data Pro­tec­tion Of­ficer and the Legal Af­fairs Of­fice without delay.

All per­sons in­volved in pro­cessing any ac­tual, sus­pec­ted, or possible data breach are ob­lig­ated to main­tain strict con­fid­en­ti­al­ity vis-à-vis third parties.

All me­dia in­quir­ies are to be re­dir­ec­ted to the re­spect­ive mem­ber of the Rector’s Coun­cil or the Press Re­la­tions Of­ficer.

The in­form­a­tion ob­lig­a­tions that ap­ply in the event of a data breach are based on articles 33 and 34 of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR).

GDPR web page

For more in­form­a­tion on data pro­tec­tion, please see WU’s GDPR web page: ht­tps://­vicee­in­rich­tun­gen/dsgvo/Site­Pages/Homepage.aspx