Javascript is not activated in your browser. This website needs javascript activated to work properly.


Management and personal data processing
Here you will find information and support on what you as manager can do to ensure the activities you manage comply with the demands of the EU’s GDPR and the Swedish Data Protection Act.

Make an inventory and develop an action plan

It is important that you form a picture of the personal data which is processed within your area of activities and how this processing occurs. In this way you can detect problems or risks.

Checklist to review personal data processing in your area of activity:

Which personal data do you process?

Pay particular attention to how sensitive personal data and personal identify numbers are processed. Remember to look at personal data in both digital and paper form.

How do you process personal data?

  • Where do you store personal data?
  • Who has access to the personal data?
  • How do you share personal data with each other? Do you share it via email, via a shared server account or in another way?
  • Do you share personal data with people outside of Lund University?
  • Do you have routines for destroying personal data when it is no longer needed?

Identify potential risks

If necessary – develop an action plan to improve the processing of personal data

IT systems

If you have your own IT systems it is your responsibility to ensure they comply with the regulations. The easiest way to do this is by ensuring the IT systems are used in accordance with the University’s system administration model. Information on the model can be requested from the Strategic Development Office. Contact karl [dot] ageberg [at] rektor [dot] lu [dot] se

Remember that this applies to IT systems you have developed yourselves as well those which you have purchased. However, it does not apply to university-wide IT systems such as Primula or LUCRIS.

Read more about IT systems and personal data on the IT systems page


The University has developed an online course on information security. It is available for all employees via Kompetensportalen. Encourage your staff to take the course.

Find out more about the information security course via Kompetensportalen

Page Manager:


dataskyddsombud [at] lu [dot] se

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.

Telephone: +46 (0)46-222 00 00 (switchboard)
Mailing adress: Box 117, 221 00 Lund, Sweden
Invoice adress: Box 188, 221 00 Lund, Sweden
Organisation number: 202100-3211

Site manager: staffpages [at] lu [dot] se

About this website