The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here:

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

Human resources

Within human resources, personal data is processed for both staff and non-employees. For example, it may relate to recruitment, salary reviews or rehabilitation matters.

When you process personal data within the area of human resources you must make sure you comply not only with the data protection legislation, but also other applicable laws and regulations (for example the Archives Act, and the Public Access to Information and Secrecy Act).

Examples of non-employees whose personal data is processed in the area of human resources:

  • Applicants for positions at Lund University
  • Non-employees receiving payment for work, for example guest lecturers and external experts in the recruitment of teaching staff
  • Non-employees who are paid for travel or expenses
  • Study and trial subjects
  • Former employees receiving payments
  • Student representatives on committees, boards and councils.

Legal basis

You must have a legal basis for processing personal data. The most common legal basis in the area of human resources is legal obligation, namely something that the University must do to comply with a law, ordinance, other provision or collective agreement. In these cases, you are permitted to process any necessary personal data.

In staff recruitment, through the advertising of vacancies and processing of applications, another legal basis applies, namely consent. Their consent is managed in the Varbi IT system. But if you receive applications from outside the IT system, you must inform and request consent from the applicant.

You can read more on the Consent page, by clicking on this link (opens in the same window)

What information do I need to provide to data subjects?

New and current staff receive standardised information from their employer about Lund University’s processing of their personal data. This means you do not need to inform employees every time you process their personal data.

Those applying for a position via the Varbi IT system will receive the information via the system.

There are cases where you must inform the person whose personal data you are processing. This is the case, for example, for non-employees receiving any form of payment from the University.  

You can read more about the information you need to provide on the Information for data subjects page, by clicking here (opens in the same window)


Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.

Do you have questions regarding data protection - please contact:

dataskyddsombud [at] lu [dot] se (dataskyddsombud[at]lu[dot]se)