The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here:

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

IT systems

Personal data and the administration of IT systems

Within the University, personal data is often processed using one of our IT system, for example systems used in research, education or administration.

Legal basis

You must have a legal basis for processing personal data. The legal basis for processing personal data in IT systems entirely depends on its purpose. The person responsible for the content in the system is also responsible for their being a legal basis for the processing.

You can read more about this on the Legal basis page, which you will reach by clicking (opens in the same window)

As a system manager, what are your responsibilities?

As a system manager, you are responsible for the IT system being compliant with data protection legislation which means that:

  • data should be stored securely and within the EU/EES,
  • if the University purchases an IT service there should be a data processing agreement with the supplier,  
  • authorisation to use the IT system should be assigned correctly, and
  • those who use the IT system should receive information on how to use the system correctly.

All IT systems within Lund University are to be used in accordance with the University’s system administration model. If you follow the model, it means that you will also conduct a review of whether or not the IT system meets the requirements of the data protection legislation. The Strategic Development Office is responsible for the system administration model. For further information, contact Karl Ageberg karl [dot] ageberg [at] rektor [dot] lu [dot] se (karl[dot]ageberg[at]rektor[dot]lu[dot]se)

What information do you need to provide to data subjects?

The General Data Protection Regulation (GDPR) regulates the information you need to provide to data subjects. As a general rule, it is not your responsibility as system manager, to inform data subjects, but there are exceptions.

You can find out more about the information you need to provide on the Information for data subjects page, which you can reach by clicking here (opens in the same window)


Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.

Do you have questions regarding data protection - please contact:

dataskyddsombud [at] lu [dot] se (dataskyddsombud[at]lu[dot]se)