Make an inventory and develop an action plan
It is important that you form a picture of the personal data that is processed within your area of activity and how this processing occurs. In this way you can detect problems or risks.
Checklist to review personal data processing in your area of activity:
Which personal data do you process?
Pay particular attention to how sensitive personal data and personal identity numbers are processed. Remember to look at personal data in both digital and paper form.
How do you process personal data?
- Where do you store personal data?
- Who has access to the personal data?
- How do you share personal data with each other? Do you share it via email, via a shared server account or in another way?
- Do you share personal data with people outside of Lund University?
- Do you have routines for destroying personal data when it is no longer needed?
Identify potential risks
If necessary – develop an action plan to improve the processing of personal data
If you have your own IT systems, it is your responsibility to ensure they comply with the regulations. The easiest way to do this is by ensuring the IT systems are used in accordance with the University’s system administration model. Information on the model can be requested from the Strategic Development Office. Contact karl [dot] ageberg [at] rektor [dot] lu [dot] se
Remember that this applies to IT systems you have developed yourselves as well as those which you have purchased. However, it does not apply to university-wide IT systems such as Primula or LUCRIS.
The University has developed an online course on information security. It is available for all employees via Kompetensportalen. Encourage your staff to take the course.
dataskyddsombud [at] lu [dot] se
- Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is the personal data controller.
- Data subject – the person whose personal data you collect and/or process.
- Data protection officer – the role and function responsible for Lund University’s compliance with the GDPR.
- The EU’s General Data Protection Regulation (GDPR) – the Swedish translation of GDPR is “Dataskyddsförordningen”.
- Data Protection Act – the Swedish national complement to the EU’s GDPR.