Javascript is not activated in your browser. This website needs javascript activated to work properly.

Human resources

Personal data processing in human resources and recruitment work
Here you will find information and support for work in human resources and recruitment matters.

Within human resources, personal data is processed for both staff and non-employees. It may relate to, for example, recruitment, salary reviews or rehabilitation matters. When you process personal data within the area of human resources you must make sure you comply with the data protection legislation but also other applicable laws and regulations (for example, the Archives Act, and Public Access to Information and Secrecy Act).

Examples of non-employees whose personal data is processed in the area of human resources:

  • Applicants for positions at Lund University
  • Non-employees receiving payment for work, for example guest lecturers and external experts in the recruitment of lecturers
  • Non-employees who are paid for travel or expenses
  • Study and trial subjects
  • Former employees receiving payments
  • Student representatives on committees, boards and advisory boards

Legal basis

You must have a legal basis for processing personal data. The most common legal basis in the area of human of resources is legal obligation, namely something that the University must do to comply with a law, ordinance, other provision or collective agreement. In these cases, you are permitted to process any necessary personal data.

In staff recruitment, through the advertising of vacancies and processing of applications, another legal basis applies, namely consent. Their consent is managed in the Varbi recruitment system, but if you receive applications outside the system you must inform and request consent from the applicant.

Read more on the Consent page

What information do I need to provide to data subjects?

New and current staff receive standardised information from their employer about Lund University’s processing of their personal data. This means you do not need to inform employees every time you process their personal data.

Those applying for a position via the Varbi recruitment system will receive the information in the system.

There are cases where you must inform the person whose personal data you are processing. This is the case, for example, for non-employees receiving any form of payment from the University. 

Read more about the information you need to provide on the Information for data subjects page. 

Support and tools

Page Manager:


dataskyddsombud [at] lu [dot] se

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.

Telephone: +46 (0)46-222 00 00 (switchboard)
Mailing adress: Box 117, 221 00 Lund, Sweden
Invoice adress: Box 188, 221 00 Lund, Sweden
Organisation number: 202100-3211

Site manager: staffpages [at] lu [dot] se

About this website