What is a legal basis?
In general, the legal basis for financial matters is either that there is a legal obligation or that it is in the public interest. This means that in these cases you do not need to ask data subjects for their consent.
What information do I need to provide?
Pursuant to Articles 13 and 14 of the GDPR, you have an obligation to inform the data subject about a number of points.
Tips on how to process personal data in financial matters
You need to inform the data subject that you are processing their personal data.
Purchasing and procurement
In simplified procurements, when you need to collect personal data, for example references, use the wording of the General Data Protection Regulation in the template for simplified procurement. Be careful in the handling of tenders; try to avoid any unnecessary dissemination of personal data. Do not send personal data to people who do not need it. A similar approach should also apply when placing orders or in direct procurements.
When you send customer information that contains personal data to the Finance Division, you should not print a copy of the web form or email to keep for yourself.
Do not make or print copies of invoices, travel expense reports or similar if not necessary. The supporting documentation required for the process should be securely handled and erased when no longer required. Do not save copies or printouts for longer than is necessary. Remember that supporting documentation which constitutes accounting information, for example if you have added information to a copy so that it becomes an original document, should be filed and destroyed as per standard procedures.
If, for example, you need to make a payment prior to a conference without an invoice you must not include unnecessary information, only the documentation validating the information required.
All original documentation of decisions is to be officially recorded and filed in accordance with normal routines at each department or faculty office. However, the form with the scholarship recipient’s bank details is considered work material and should not be registered or filed. For example, save it in a separate folder or file only for as long as necessary taking into consideration the period in which scholarship payments are processed by the department/faculty.
For questions about personal data and data protection, please contact:
Data Protection Officer, Legal Counsel
dataskyddsombud [at] lu [dot] se
+46 46 222 04 26