Emails
When a person contacts you via email, you need to remember to inform the person about how the University processes personal data, whilst also bearing in mind how you manage and store emails.
How do I provide information?
You can inform the email recipient in a simple way by including the following text in your email signature:
In Swedish: "När du skickar e-post till Lunds universitet behandlar vi dina personuppgifter i enlighet med gällande lagstiftning. Mer om hur dina personuppgifter behandlas hittar du på Lunds universitets webbplats"
In English: "When you send emails to Lund University, we process your personal data in accordance with existing legislation. To find out more about the processing of your personal data, visit the Lund University website"
You do not need to inform employees and enrolled students at Lund University.
How do I manage emails with general personal data?
The same rules apply for processing whether you are sending emails internally or externally.
Only send personal data to those who need the information for their work (this also applies if the email is a public document that can be requested under the principle of public access to official records). Always consider whether it is possible to anonymize the information.
Remember that our email systems are a tool for communication. They are not intended to be used as storage space or for archival purposes. Make it a routine to delete what should be discarded and save what should be preserved according to the record management plan.
Sensitive and extra protected personal data
Processing of sensitive personal data and extra protected personal data requires stronger protection. Do not send sensitive personal data via email. Also avoid sending extra protected data such as salary statements, assessments of a person’s social ability, information from development talks, information related to someone’s private sphere or social conditions, personal identity numbers or coordination numbers via email.
If you receive sensitive or extra protected personal data via email, do not forward or reply to the email. If you need to respond to the sender, do this in a new email to avoid spreading the information further. Clear the email as soon as possible as indicated above.
Do not forward your service email to email services outside Lund University’s network, such as Gmail, Hotmail, or other services.
More reading
You can read more about security in e-mails on IMYs (Swedish Authority for Privacy Protection) webbpage:
Security of personal data in e-mail
Contact
Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.
Do you have questions regarding data protection - please contact:
dataskyddsombud [at] lu [dot] se (dataskyddsombud[at]lu[dot]se)