Personal data and data protection
On 25 May 2018, the new “Dataskyddsförordningen” (DSF) came into force and thus replaced Sweden’s Personal Data Act (PUL). Dataskyddsförordningen is the Swedish translation of the EU’s General Data Protection Regulation (GDPR).
What is the purpose of the GDPR?
The aim is to strengthen the right to a private life and adapt legislation to the digital society. Another aim is to harmonise EU legislation in the area and thereby facilitate the flow of information within the Union.
What are the implications for the University?
The new regulations clarify and place higher requirements on the University regarding the processing of personal data. The University processes large volumes of personal data every day and has an obligation to process data in a legally correct manner by:
- informing the data subject about the personal data processing
- providing information on the purpose and the relevant legal basis for processing as well as the data subject’s rights.
- asking, in certain case, for the data subject’s consent for the processing of personal data.
Information and support
The information is divided up into two sections: general and area-specific information. To assist you, there are checklists for aspects on which you need to inform the data subject, FAQs and general tips.
- Laws and regulations
- Legal basis
- General principles
- Information for data subjects
- Personal data processing agreements
dataskyddsombud [at] lu [dot] se
- Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
- Data subject – the person whose personal data you collect and/or process.
- Data protection officer – the role and function responsible for Lund University’s compliance with the GDPR.
- The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
- Data Protection Act – the Swedish national complement to the EU’s GDPR.