Newsletters that are sent internally only to University staff are considered part of the information they require to carry out their duties. This means you may collect contact details of internal recipients for internal newsletters without needing to ask for consent. You are also not required to provide special information to staff about doing this.
You must have a valid legal basis in order to process personal data. One of the legal bases is consent, which occurs in external engagement and communication. If you collect contact details from people outside Lund University with the intention of sending newsletters you must have a legal basis to do so, in this case consent. Remember that consent needs to be voluntary, informed and documented.
Read more about the legal basis and consent in the menu to the left.
What information do I need to provide?
Pursuant to Articles 13 and 14 of the GDPR, you have an obligation to inform the data subject about several points.
You can read more about the information you need to provide on the Information for data subjects page by clicking here (link opens in the same window).
Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.
Do you have questions regarding data protection - please contact:
dataskyddsombud [at] lu [dot] se