Javascript is not activated in your browser. This website needs javascript activated to work properly.


Processing personal data in emails
Data protection legislation also covers personal data in emails, which means that the University needs to change its working methods and procedures. On this page, you will find out how you are to provide information, and guidelines on managing emails.

When a person contacts you via email, you need to remember to inform the person about how the University processes personal data, while also bearing in mind how you manage and store emails.

Shortcuts on the page:

How do I provide information?

You can inform the email recipient in a simple way by including the following text in your email signature:

In Swedish: "När du skickar e-post till Lunds universitet behandlar vi dina personuppgifter i enlighet med gällande lagstiftning. Mer om hur dina personuppgifter behandlas hittar du på Lunds universitets webbplats"

In English: "When you send emails to Lund University, we process your personal data in accordance with existing legislation. To find out more about the processing of your personal data, visit the Lund University website"

You do not need to inform employees and enrolled students at Lund University.

How do I manage emails with general personal data?

Remember to:

  • use email to communicate, not to store
  • process personal data in email as little as possible
  • never save emails with personal data in the inbox “just in case they come in useful”. Personal data is not to be stored in email for longer than necessary for the intended purpose. Once your processing of personal data is complete, the information is to be moved to another suitable location, or deleted. Each organisation needs to decide how long different types of email messages are to be saved.
  • process personal data in emails in such a way as to ensure appropriate security in compliance with current legislation
  • The same rules apply to processing regardless of whether you send emails internally or externally.

Sensitive or confidential personal data in emails


  • not to process or save personal data that is sensitive or confidential in email form. If you are sent sensitive or confidential personal data, you are not permitted for example to forward or respond to the email. Follow the instructions under the heading "How do I manage emails with personal data?" above. If you need to reply to the sender, do so in a new email to avoid the data being disseminated further. If an employee, for example, reports in sick via email, you are to delete the email once you have carried out the necessary processing.
  • not to send sensitive personal data or personal data that particularly warrants protection via email, such as details about a person’s health, religious convictions or political views. Also avoid sending via email other data that is sensitive for a person’s integrity and warrants particular protection, such as a person’s payslip, evaluations of a person’s social skills, details from a staff appraisal, information concerning a person’s private life or social circumstances, or their personal identity number. In Sweden, a person’s personal identity number is also considered data warranting special protection. The Swedish Data Protection Authority therefore considers that personal identity numbers should be exposed as little as possible.
  • If you must use email, review the content to see whether it is possible to anonymise the information.
  • Automatic external forwarding of your work email to email services outside Lund University’s network and beyond the University’s control, such as Gmail, Hotmail or other services, is not permitted.
  • The same rules apply to processing regardless of whether you send emails internally or externally.
  • If you process a request for the release of an official document containing personal data, you are to follow Lund University’s regulations on the release of official documents in electronic form:
    Download Lund University’s regulations for the release of official documents in electronic form, in Swedish (PDF, 78 kB, new window)

Support and tools

Page Manager:


dataskyddsombud [at] lu [dot] se

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.

Telephone: +46 (0)46-222 00 00 (switchboard)
Mailing adress: Box 117, 221 00 Lund, Sweden
Invoice adress: Box 188, 221 00 Lund, Sweden
Organisation number: 202100-3211

Site manager: staffpages [at] lu [dot] se

About this website