Within human resources, personal data is processed for both staff and non-employees. For example, it may relate to recruitment, salary reviews or rehabilitation matters.
When you process personal data within the area of human resources you must make sure you comply not only with the data protection legislation, but also other applicable laws and regulations (for example the Archives Act, and the Public Access to Information and Secrecy Act).
Examples of non-employees whose personal data is processed in the area of human resources:
- Applicants for positions at Lund University
- Non-employees receiving payment for work, for example guest lecturers and external experts in the recruitment of teaching staff
- Non-employees who are paid for travel or expenses
- Study and trial subjects
- Former employees receiving payments
- Student representatives on committees, boards and councils.
You must have a legal basis for processing personal data. The most common legal basis in the area of human resources is legal obligation, namely something that the University must do to comply with a law, ordinance, other provision or collective agreement. In these cases, you are permitted to process any necessary personal data.
In staff recruitment, through the advertising of vacancies and processing of applications, another legal basis applies, namely consent. Their consent is managed in the Varbi IT system. But if you receive applications from outside the IT system, you must inform and request consent from the applicant.
You can read more on the Consent page, by clicking on this link (opens in the same window)
What information do I need to provide to data subjects?
New and current staff receive standardised information from their employer about Lund University’s processing of their personal data. This means you do not need to inform employees every time you process their personal data.
Those applying for a position via the Varbi IT system will receive the information via the system.
There are cases where you must inform the person whose personal data you are processing. This is the case, for example, for non-employees receiving any form of payment from the University.
Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Per Bergstrand
Do you have questions regarding data protection - please contact:
dataskyddsombud [at] lu [dot] se