The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here:

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

Personal data and data protection (GDPR)

Online GDPR course

An online General Data Protection Regulation (GDPR) course is now available. Produced by Chalmers and KTH among others, the course is complemented with comments from Lund University’s data protection officer. It consists of short videos in which each section is a few minutes long. Each section also provides answers to questions such as: What is personal data and how may we process it? How is personal data processed within research, education and administration, and who has ultimate responsibility? The course is intended for everyone at the University. You log in using your LUCAT id here (opens in the same window).

What is GDPR?

The EU’s General Data Protection Regulation (GDPR) and the Swedish Data Protection Act have replaced Sweden’s Personal Data Act (PUL). “EU:s Dataskyddsförordning” is the Swedish translation of the EU’s General Data Protection Regulation (GDPR).

Read more about the GDPR on the Swedish Authority for Privacy Protection's website, which you will reach by clicking on this link (link opens in the same window)

By clicking here you will find information about how to register research projects and also a link to PULU (link opens in the same window)

What is the purpose of GDPR?

The purpose is to strengthen the right to privacy and adapt legislation to the digital society. For Lund University, this means that we are to safeguard our students, partners and colleagues, as well as the participants in our research projects.  

What are the implications for the University?

Our mission means that we are permitted to process the personal data that is necessary for conducting education, research and external engagement. Lund University is to process personal data in a secure and correct manner. This means that data is to be protected so that is not lost, corrupted or vulnerable to unauthorised access.

Information and support

The information is divided up into two sections: general and area-specific information. To assist you, there are checklists for aspects on which you need to inform the data subject, FAQs and general tips.


Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.

Do you have questions regarding data protection - please contact:

dataskyddsombud [at] lu [dot] se (dataskyddsombud[at]lu[dot]se)

GDPR glossary

  • Personal data controller – the organisation responsible for processing your personal data. In all but a few cases, Lund University is always the personal data controller.
  • Data subject – the person whose personal data you collect and/or process.
  • Data protection officer – the role and function responsible for Lund University’s compliance  with the GDPR.
  • The EU’s General Data Protection Regulation (GDPR) - The Swedish translation of GDPR is “Dataskyddsförordningen”.
  • Data Protection Act – the Swedish national complement to the EU’s GDPR.