Information for data subjects
Who are the checklists for?
The following checklists are intended for use by staff and students at Lund University who are collecting and processing personal data.
Checklist A is intended for use when personal data is collected directly from the data subject
Checklist B is intended for use when personal data is collected from a source other than the data subject
What are the checklists for?
The checklists are for ensuring that Lund University follows the pertinent legislation and contains the items of information which the University, according to articles 13 and 14 of the GDPR, is obliged to provide to the data subject.
How to use the checklists
Use the check lists as support for compiling information for the data subject concerning Lund University’s processing of their personal data. Remember:
- The information is to be provided to the data subject before or at the latest at the time of the collection of the personal data.
- The data subject is to be informed regardless of the legal basis for processing the personal data.
- The information is to be provided in writing to the data subject unless the data subject has requested that it be provided orally.
Examples of data subjects that Lund University has an obligation to inform:
- external subscribers to mail-outs (newsletters, information letters and similar)
- external participants at events for which registration is required by name and including details such as food allergies
- applicants for vacancies announced by Lund University
- external partners (invited visiting lecturers)
- prospective students (for example information mail-outs about Lund University)
- recipients of external invoices
- scholarship recipients
dataskyddsombud [at] lu [dot] se
- Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
- Data subject – the person whose personal data you collect and/or process.
- Data protection officer – the role and function responsible for Lund University’s compliance with the GDPR.
- The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
- Data Protection Act – the Swedish national complement to the EU’s GDPR.