The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here: https://www.microsoft.com/en-us/microsoft-365/windows/end-of-ie-support).

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

Laws and regulations

På svenska

Laws and ordinances

The GDPR (General Data Protection Regulation) is an EU-wide law, but it is complemented with laws and regulations in each country. In addition to laws and regulations, Sweden has carried out a range of preliminary work that shows the intention of legislators. GDPR regulates aspects such as:

  • What is personal data?
  • What is sensitive personal data?
  • What is the legal basis for processing personal data?
  • What rights do data subjects have?
  • Each country is to have a supervisory authority.

Below are links to the EU’s GDPR in Swedish and English. The documents open in a new window.

Swedish supplementary regulations

Data Protection Act

In Sweden, there is a new Data Protection Act that complements the EU regulation. The Swedish Data Protection Act states that:

  • the act or other ordinance, collective agreement or a decision that has been communicated with the legal authority of the act or other ordinance constitute a legal obligation
  • a public task is to be covered by the act or other ordinance, collective agreement or a decision that has been communicated with the legal authority of the act or other ordinance
  • personal identity numbers warrant special protection
  • administrative penalties may be charged by public authorities.

Data Protection Act (2018:218) (PDF, 1.15 MB)

Data Protection Ordinance

There are also complementary provisions to the EU’s GDPR, which among other things stipulate the procedure for administrative penalties. The document below is in Swedish. 

Data Protection Ordinance (2018:219)  (PDF, 4.94 MB)

Preliminary work

Investigations

The conclusions of the investigations include in-depth discussion on the consequences of the new EU regulation. Three of the reports are of special interest to the higher education sector. Below are links to the reports. The documents are in Swedish. 

Bills

The arguments and proposals were then processed by the Government which in turn put forward three different bills that present their proposals. These bills were then passed by the Swedish parliament. All the documents below are in Swedish. 

Bill 2017/18:105 New data protection act

Here the Government states among other things that the Public Access to Information and Secrecy Act and the Archives Act continue to apply in the same way as today.

2017/18:105 New data protection act, in Swedish, (PDF, 2.58 MB)

Bill 2017/18:218 Processing of personal data in the higher education sector

Here the Government states among other things that:

  • education is a public task. This means that the university is allowed to process personal data that is necessary for conducting education.
  • education is also a matter of important public interest. This may entail the processing of sensitive personal data in certain cases.

Bill 2017/18:218 Processing of personal data in the education sector,  (PDF, 3.76 MB)

Bill 2017/18:298 Processing of personal data for research purposes

 Bill 2017/18:298 Processing of personal data for research purposes (PDF, 3.72 MB)

 

Contact

Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.

Do you have questions regarding data protection - please contact:

dataskyddsombud [at] lu [dot] se (dataskyddsombud[at]lu[dot]se)

Page manager: maria [dot] hedberg [at] rektor [dot] lu [dot] se | 7 Mar 2024