Personal data and written consent
General information about the Personal Data Act
There are some main concepts in the law that can be useful for you to know.
Personal data means any information that is directly or indirectly attributable to a physical, living person.
The rules in the Personal Data Act regarding processing refers to any measure or series of measures taken in respect to personal data. It is a broad term that covers collecting, recording, storing, adapting, distributing, compiling, and more.
Personal data controller
The personal data controller is the officer who, alone or together with others, determines the purposes and means of the processing of personal data. You as an employee are never responsible for personal data, but rather the public authority or company – in this case, Lund University.
PUL contains rules on how personal data may be processed. To a large extent, the protection of personal integrity in PUL is based on the consent of and information to the registered persons. Under certain circumstances, the law allows that personal data may be processed without the consent of the persons concerned. The rules are stricter when it comes to sensitive personal data and personal identity numbers.
Among other things, PUL also includes provisions on the security of personal data and rectification of inaccurate information.
The vast majority of the provisions of PUL do not need to be applied when processing personal data from unstructured materials, such as running text. In such cases, the processing of personal data is permitted as long as it does not involve a violation of that person’s integrity.
On the following pages you will find more information about processing personal data in specific situations: