Personal data and the administration of IT systems
Within the University, personal data is often processed using one of our IT systems, for example systems used in research, education or administration.
You must have a legal basis for processing personal data. The legal basis for processing personal data in IT systems depends entirely on its purpose. The person responsible for the content in the system is also responsible for there being a legal basis for the processing.
As a system manager, what are my responsibilities?
As a system manager, you are responsible for the IT system being compliant with data protection legislation, which means that:
- data should be stored securely and within the EU/EEA
- if the University purchases an IT service there should be a data processing agreement with the supplier
- authorisation to use the IT system should be assigned correctly
- those who use the IT system should receive information on how to use the system correctly.
All IT systems within Lund University are to be used in accordance with the University’s system administration model. If you follow the model, you will also conduct a review of whether or not the IT system meets the requirements of the data protection legislation. The Strategic Development Office is responsible for the system administration model. For further information, contact Karl Ageberg (karl [dot] ageberg [at] rektor [dot] lu [dot] se).
What information do I need to provide to data subjects?
The GDPR regulates the information you need to provide to data subjects. As a general rule, it is not your responsibility, as system manager, to inform data subjects, but there are exceptions.
Support and tools
dataskyddsombud [at] lu [dot] se
- Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is the personal data controller.
- Data subject – the person whose personal data you collect and/or process.
- Data protection officer – the role and function responsible for Lund University’s compliance with the GDPR.
- The EU’s General Data Protection Regulation (GDPR) – the Swedish translation of GDPR is “Dataskyddsförordningen”.
- Data Protection Act – the Swedish national complement to the EU’s GDPR.