Committees and boards
The legal basis for processing personal data
One of the University’s responsibilities is to collaborate with wider society and to provide information on our activities. This includes providing information about our organisation, how the University is managed and the decisions that are made. This is a so-called public task which provides a legal basis for processing personal data. It means we can process personal data to provide information about boards and advisory boards, but only personal data which is necessary.
What information can I put online?
You are allowed to put information about a board or advisory board online and, among other things, provide information on who the members are, for example the secretary or other people connected to it. However, only provide personal data which is necessary, for example name, title, the person’s unit within the University or the external organisation to which a person is affiliated.
How do I process minutes?
You are also allowed to put meeting minutes online, with information on who was there and what decisions were made. Be careful with matters relating to individuals. One option is to include all data on individuals in an annexe offline. The minutes would state, for example: “The Board decided that [...], in accordance with the annexe”.
If the board/advisory board organises a course, conference or similar, it may mean that other kinds of personal data need to be processed.
dataskyddsombud [at] lu [dot] se
- Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
- Data subject – the person whose personal data you collect and/or process.
- Data protection officer – the role and function responsible for Lund University’s compliance with the GDPR.
- The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
- Data Protection Act – the Swedish national complement to the EU’s GDPR.