Sending newsletters with information on University activities is part of the University’s external engagement activities. To ensure the sending of newsletters complies with the GDPR, read the information below on how it applies to internal and external newsletters.
Newsletters which are sent internally only to University staff are considered part of the information they require to carry out their duties. This means you may collect contact details of internal recipients for internal newsletters without needing to ask for consent. You are also not required to provide particular information to staff about doing this.
What is the legal basis for sending external newsletters?
You must have a valid legal basis in order to process personal data. One of the legal bases is consent which occurs in external engagement and communication. If you collect contact details from people outside Lund University with the intention of sending newsletters you must have a legal basis to do so, in this case consent. Remember that consent needs to be voluntary, informed and documented.
Read more about the legal basis and consent on the pages:
- Legal basis
What information do I need to provide?
Pursuant to Articles 13 and 14 of the GDPR, you have an obligation to inform the data subject about a number of points.
Support and tools
dataskyddsombud [at] lu [dot] se
- Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
- Data subject – the person whose personal data you collect and/or process.
- Data protection officer – the role and function responsible for Lund University’s compliance with the GDPR.
- The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
- Data Protection Act – the Swedish national complement to the EU’s GDPR.