Javascript is not activated in your browser. This website needs javascript activated to work properly.


Personal data processing in financial matters
This page provides information on how you should process personal data in financial matters.

Finance and personal data

Personal data processing is frequent in financial matters in connection with external invoices, the awarding of scholarships, and procurements. When you process personal data you must ensure you comply with the current data protection legislation but also with laws and regulations on disclosure, archiving and accounting. 

What is a legal basis?

You must have a legal basis in order to process personal data.

Read more about the legal basis and consent on the pages:

What information do I need to provide?

Pursuant to Articles 13 and 14 of the GDPR, you have an obligation to inform the data subject about a number of points.

Read more about the information you need to provide on the Information for data subjects page

Tips on how to process personal data in financial matters

Shortcuts on the page:

Informing the data subject

You need to inform the data subject that you are processing their personal data.

Read more about the information you need to provide on the Information for data subjects page. 

Purchasing and procurement

In simplified procedures, when you need to collect personal data, for example references, use the wording of the General Data Protection Regulation in the template for simplified procedures. Be careful in the handling of tenders; try to avoid any unnecessary dissemination of personal data. Do not send personal data to people who do not need it. A similar approach should also apply when placing orders or in the direct procurements.

Go to the Simplified procurement page

Issuing customer invoices

When you send customer information which contains personal data to the Division of Finances you should not print a copy of the web form or email to keep yourself.

Handling financial matters

Do not make or print copies of invoices, travel receipts or similar if not necessary. Documentation required for processing should be securely processed and erased when longer required. Do not save copies or printouts for longer than is necessary. Remember that documentation which constitutes accounting information, for example if you have added information to a copy so that it becomes an original document, should be filed and destroyed as per standard routines.  

Paying for conferences or membership fees with a payment method other than invoice or card

If you need, for example, to make a payment before a conference without an invoice you must not include unnecessary information, only the documentation validating this information.  

Handling scholarships

All original documentation of decisions is to be officially recorded and filed in accordance with normal routines at each department or faculty office. However, the form with the scholarship recipient’s bank details is considered work material and should not be registered or filed. For example, save it in a separate folder or file only for as long as necessary taking into consideration the period in which scholarship payments are processed by the department/faculty. When you delete the form, do so securely, for example by shredding it.

Page Manager:


dataskyddsombud [at] lu [dot] se

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.

Telephone: +46 (0)46-222 00 00 (switchboard)
Mailing adress: Box 117, 221 00 Lund, Sweden
Invoice adress: Box 188, 221 00 Lund, Sweden
Organisation number: 202100-3211

Site manager: staffpages [at] lu [dot] se

About this website