Menu

Javascript is not activated in your browser. This website needs javascript activated to work properly.

Legal basis

Information about the legal basis for personal data processing.
The legislation requires that all processing of personal data has a legal basis. This page provides information on legal bases and their application.

The legal basis for processing personal data

In order to process personal data, you must have a legally valid reason, a so-called legal basis, for why processing should be carried out. For those working at Lund University, there are five  legal bases. 

Short cuts on the page:

1. Legal obligation

If there is a law, ordinance or collective agreement which states that the University must carry out certain tasks, you are allowed to process the personal data that is necessary for them to be carried out. This means, for example, that personal data is to be archived in the same way as other records and documents and is also to be available as official documents. This does not apply to confidential data.

Legal obligation is a common legal basis within human resources that is to a large degree   based on laws, ordinances or collective agreements.

2. Exercise of public authority

You are allowed to process personal data when it is necessary as an element in exercising public authority. The exercise of public authority at the University includes admission of students, examinations or the issuing of degree certificates.

3. Public task

A public task is a task the University has been assigned by the parliament or Government. The Higher Education Act states that the University’s task is to conduct education, research and to “include third stream activities and the provision of information about their activities, as well as ensuring that benefit is derived from their research findings.” When working on these tasks, you are allowed to process personal data that is necessary to carry out these tasks.

Public tasks include:

  • necessary support operations such as governance and management, finance, provision of premises, IT support etc.
  • contract education
  • alumni activities
  • public events
  • online information

Public task is the most important legal basis for the University, as most of the University’s activities involve research, education, external engagement or the direct support of these activities.

4. Agreements

Processing personal data is permitted when it is required to fulfil agreements that the University has entered into or will enter into with an individual.

5. Consent

In certain instances, a person can give their consent for the University to process their personal data. Bear in mind that the consent is to be voluntary, informed and documented. You are not to ask people who are in some way dependent on the University for their consent, which means that as a rule you cannot use consent as a legal basis for staff and students.

Read more about consent on the Consent page

Sensitive personal data

The processing of sensitive personal data sometimes requires grounds in addition to a legal basis. Above all there is a requirement that it is actually necessary to process the specific data in question. The same applies for the processing of personal identity numbers.

Read more about sensitive personal data on the FAQs page

Support and tools

Page Manager:

Contact

dataskyddsombud [at] lu [dot] se

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.

Telephone: +46 (0)46-222 00 00 (switchboard)
Mailing adress: Box 117, 221 00 Lund, Sweden
Invoice adress: Box 188, 221 00 Lund, Sweden
Organisation number: 202100-3211

Site manager: staffpages [at] lu [dot] se

About this website