Menu

Javascript is not activated in your browser. This website needs javascript activated to work properly.

IT systems

On this page there is information on what IT system owners and administrators need to do to comply with the data protection legislation.

Personal data and the administration of IT systems

Within the University, personal data is often processed using one of our IT systems, for example systems used in research, education or administration.

Legal basis

You must have a legal basis for processing personal data. The legal basis for processing personal data in IT systems entirely depends on its purpose. The person responsible for the content in the system is also responsible for their being a legal basis for the processing.

Read more about this on the Legal basis page

As a system manager, what are my responsibilities?

As a system manager, you are responsible for the IT system being compliant with data protection legislation which means that:

  • data should be stored securely and within the EU/EES
  • if the University purchases an IT service there should be a data processing agreement with the supplier   
  • authorisation to use the IT system should be assigned correctly
  • those who use the IT system should receive information on how to use the system correctly.

All IT systems within Lund University are to be used in accordance with the University’s system administration model. If you follow the model, it means that you will also conduct a review of whether or not the IT system meets the requirements of the data protection legislation. The Strategic Development Office is responsible for the system administration model. For further information, contact Karl Ageberg karl [dot] ageberg [at] rektor [dot] lu [dot] se

What information do I need to provide to data subjects?

The GDPR regulates the information you need to provide to data subjects. As a general rule, it is not your responsibility as system manager, to inform data subjects, but there are exceptions.

Find out more about the information you need to provide on the Information for data subjects page

Support and tools

Page Manager:

Contact

dataskyddsombud [at] lu [dot] se

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.

Telephone: +46 (0)46-222 00 00 (switchboard)
Mailing adress: Box 117, 221 00 Lund, Sweden
Invoice adress: Box 188, 221 00 Lund, Sweden
Organisation number: 202100-3211

Site manager: staffpages [at] lu [dot] se

About this website