Personal data and data protection (GDPR)

Online GDPR course

An online General Data Protection Regulation (GDPR) course is now available. Produced by Chalmers and KTH among others, the course is complemented with comments from Lund University’s data protection officer. It consists of short videos in which each section is a few minutes long. Each section also provides answers to questions such as: What is personal data and how may we process it? How is personal data processed within research, education and administration, and who has ultimate responsibility? The course is intended for everyone at the University. You log in using your LUCAT id here.

What is GDPR?

The EU’s General Data Protection Regulation (GDPR) and the Swedish Data Protection Act have replaced Sweden’s Personal Data Act (PUL). “EU:s Dataskyddsförordning” is the Swedish translation of the EU’s General Data Protection Regulation (GDPR).

Read more about the GDPR on the Swedish Data Protection Authority’s website, which you will reach by clicking on this link (link opens in the same window)

By clicking here you will find information about how to register research projects and also a link to PULU (link opens in the same window)

What is the purpose of GDPR?

The purpose is to strengthen the right to privacy and adapt legislation to the digital society. For Lund University, this means that we are to safeguard our students, partners and colleagues, as well as the participants in our research projects.  

What are the implications for the University?

Our mission means that we are permitted to process the personal data that is necessary for conducting education, research and external engagement. Lund University is to process personal data in a secure and correct manner. This means that data is to be protected so that is not lost, corrupted or vulnerable to unauthorised access.

Information and support

The information is divided up into two sections: general and area-specific information. To assist you, there are checklists for aspects on which you need to inform the data subject, FAQs and general tips.


For questions about personal data and data protection, please contact:

Kristin Asgermyr
Data Protection Officer, Legal Counsel
dataskyddsombud [at] lu [dot] se
+46 46 222 04 26

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.