Personal data and the administration of IT systems
Within the University, personal data is often processed using one of our IT systems, for example systems used in research, education or administration.
You must have a legal basis for processing personal data. The legal basis for processing personal data in IT systems entirely depends on its purpose. The person responsible for the content in the system is also responsible for their being a legal basis for the processing.
As a system manager, what are my responsibilities?
As a system manager, you are responsible for the IT system being compliant with data protection legislation which means that:
- data should be stored securely and within the EU/EES,
- if the University purchases an IT service there should be a data processing agreement with the supplier,
- authorisation to use the IT system should be assigned correctly, and
- those who use the IT system should receive information on how to use the system correctly.
All IT systems within Lund University are to be used in accordance with the University’s system administration model. If you follow the model, it means that you will also conduct a review of whether or not the IT system meets the requirements of the data protection legislation. The Strategic Development Office is responsible for the system administration model. For further information, contact Karl Ageberg karl [dot] ageberg [at] rektor [dot] lu [dot] se
What information do I need to provide to data subjects?
The General Data Protection Regulation (GDPR) regulates the information you need to provide to data subjects. As a general rule, it is not your responsibility as system manager, to inform data subjects, but there are exceptions.
For questions about personal data and data protection, please contact:
Data Protection Officer, Legal Counsel
dataskyddsombud [at] lu [dot] se
+46 46 222 04 26