The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here:

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.


Make an inventory and develop an action plan

It is important that you form a picture of the personal data which is processed within your area of activities and how this processing occurs. In this way you can detect problems or risks.

Checklist to review personal data processing in your area of activity:

1) Which personal data do you process?

Pay particular attention to how sensitive personal data and personal identify numbers are processed. Remember to look at personal data in both digital and paper form.

2) How do you process personal data?

  • Where do you store personal data?
  • Who has access to the personal data?
  • How do you share personal data with each other? Do you share it via email, via a shared server account or in another way?
  • Do you share personal data with people outside of Lund University?
  • Do you have routines for destroying personal data when it is no longer needed?

3) Identify potential risks

If necessary – develop an action plan to improve the processing of personal data.

IT systems

If you have your own IT systems it is your responsibility to ensure they comply with the regulations. The easiest way to do this is by ensuring the IT systems are used in accordance with the University’s system administration model. 

Read more about the system administration model at the staff pages

Remember that this applies to IT systems you have developed yourselves as well those which you have purchased. However, it does not apply to university-wide IT systems such as Canvas, Primula or LUCRIS.

You can read more about IT systems and personal data on the IT systems page


The University has developed an online course on information security. It is available for all employees via Kompetensportalen. Encourage your staff to take the course.

You can find out more about the information security course via Kompetensportalen 


Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.

Do you have questions regarding data protection - please contact:

dataskyddsombud [at] lu [dot] se (dataskyddsombud[at]lu[dot]se)