Management
Make an inventory and develop an action plan
It is important that you form a picture of the personal data which is processed within your area of activities and how this processing occurs. In this way you can detect problems or risks.
Checklist to review personal data processing in your area of activity:
1) Which personal data do you process?
Pay particular attention to how sensitive personal data and personal identify numbers are processed. Remember to look at personal data in both digital and paper form.
2) How do you process personal data?
- Where do you store personal data?
- Who has access to the personal data?
- How do you share personal data with each other? Do you share it via email, via a shared server account or in another way?
- Do you share personal data with people outside of Lund University?
- Do you have routines for destroying personal data when it is no longer needed?
3) Identify potential risks
If necessary – develop an action plan to improve the processing of personal data.
IT systems
If you have your own IT systems it is your responsibility to ensure they comply with the regulations. The easiest way to do this is by ensuring the IT systems are used in accordance with the University’s system administration model.
Read more about the system administration model at the staff pages
Remember that this applies to IT systems you have developed yourselves as well those which you have purchased. However, it does not apply to university-wide IT systems such as Canvas, Primula or LUCRIS.
You can read more about IT systems and personal data on the IT systems page
Staff
The University has developed an online course on information security. It is available for all employees via Kompetensportalen. Encourage your staff to take the course.
You can find out more about the information security course via Kompetensportalen
Contact
Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.
Do you have questions regarding data protection - please contact:
dataskyddsombud [at] lu [dot] se (dataskyddsombud[at]lu[dot]se)