Menu

Javascript is not activated in your browser. This website needs javascript activated to work properly.

Laws and regulations

GDPR
This page contains detailed information about the GDPR and the development of legislation in Sweden.

Short cuts on the page

Laws and ordinances

The GDPR is an EU-wide law, but it is complemented with laws and regulations in each country. In addition to laws and regulations, Sweden carried out a range of preliminary work that shows the intention of legislators.

EU-wide legislation

The EU regulation regulates aspects such as:

  • What is personal data?
  • What is sensitive personal data?
  • What is the legal basis for processing personal data?
  • What rights do data subjects have?
  • Each country is to have a supervisory authority.

Below are links to the EU’s General Data Protection Regulation in Swedish and English. The documents open in a new window.

Swedish supplementary regulations

Data Protection Act
In Sweden, there is a new Data Protection Act that complements the EU regulation. The Swedish Data Protection Act states that:

  • the act or other ordinance, collective agreement or a decision that has been communicated with the legal authority of the act or other ordinance constitute a legal obligation
  • a public task is to be covered by the act or other ordinance, collective agreement or a decision that has been communicated with the legal authority of the act or other ordinance
  • personal identity numbers warrant special protection
  • administrative penalties may be charged by public authorities.

Download the Data Protection Act (2018:218) with complementary provisions to the EU’s GDPR, in Swedish (PDF, 1.15 MB, new window)

Data Protection Ordinance
There are also complementary provisions to the EU’s GDPR, which among other things stipulate the procedure for administrative penalties.

Download the Ordinance (2018:219) with complementary provisions to the EU’s GDPR, in Swedish (PDF, 4.94 MB, new window)

Preliminary work

Investigations

The conclusions of the investigations include in-depth discussion on the consequences of the new EU regulation. Three of the reports are of special interest to the higher education sector. Below are links to the reports. The documents open in a new window.

Bills

The arguments and proposals were then processed by the Government which in turn put forward three different bills that present their proposals. These bills were then passed by the Swedish parliament.

  • Bill 2017/18:105 New data protection act

Here the Government states among other things that the Public Access to Information and Secrecy Act and the Archives Act continue to apply in the same way as today.

Download Bill 2017/18:105 New data protection act, in Swedish (PDF, 2.58 MB, new window)

  • Bill 2017/18:218 Processing of personal data in the higher education sector

Here the Government states among other things that:

  • education is a public task. This means that the University is allowed to process personal data that is necessary for conducting education.
  • education is also a matter of important public interest. This may entail the processing of sensitive personal data in certain cases.

Download Bill 2017/18:218 Processing of personal data in the education sector, in Swedish (PDF, 3.76 MB, new window)

  • Bill 2017/18:298 Processing of personal data for research purposes

Download Bill 2017/18:298 Processing of personal data for research purposes, in Swedish (PDF, 3.72 MB, new window)

 

Page Manager:

Contact

dataskyddsombud [at] lu [dot] se

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.

Telephone: +46 (0)46-222 00 00 (switchboard)
Mailing adress: Box 117, 221 00 Lund, Sweden
Invoice adress: Box 188, 221 00 Lund, Sweden
Organisation number: 202100-3211

Site manager: staffpages [at] lu [dot] se

About this website