SYSTEM GOVERNANCE MODEL AT LUND UNIVERSITY Within the University, there is a large number of systems dedicated to providing support in the implementation of education, research and support activities. The aim of system governance is to take a structured approach to ensuring that the systems benefit the organisation and run as cost-effectively as possible. How the University works with support syst

https://www.staff.lu.se/support-and-tools/organisational-development-and-change-management/system-governance-model - 2025-04-27

Lund University processes personal data in accordance with the EU's General Data Protection Regulation (GDPR) and the Swedish Data Protection Act. On these pages, you will find information, advice, and support for the processing of personal data within the university's operations. What is the purpose of GDPR?The General Data Protection Regulation  (GDPR) has two fundamental purposes. On the one ha

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection - 2025-04-27

On the sub-pages below you will find general information and support for GDPR matters relating to laws, principles, consent et cetera. You will also find answers to Frequently Asked Questions (FAQs). Please click on each link below in order to attain further information regarding:Laws and regulationsResponsibility for personal dataLegal basisGeneral principles for personal data processingInformati

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/general-information - 2025-04-27

Here you will find information on selected areas of work, in which the processing of personal data is a common occurrence. Information on processing of personal data for staff working with:ResearchEducation - student contactExternal engagement and communicationHuman resourcesFinanceManagementCommittees and boardsIT systems  Contact Lund University has an external Data Protection Officer; Secure St

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/area-specific-information - 2025-04-27

Laws and ordinancesThe GDPR (General Data Protection Regulation) is an EU-wide law, but it is complemented with laws and regulations in each country. In addition to laws and regulations, Sweden has carried out a range of preliminary work that shows the intention of legislators. GDPR regulates aspects such as:What is personal data?What is sensitive personal data?What is the legal basis for processi

https://www.staff.lu.se/support-and-tools/legal-records-management-and-data-protection/personal-data-and-data-protection-gdpr/general-information-and-support/laws-and-regulations - 2025-04-27

In order to process personal data, you must have a legally valid reason, a so-called legal basis, for why processing should be carried out. For those working at Lund University, there are five legal bases of which the most common ones in education, research, and collaboration are the task of public interest and exercise of public authority 1. Task of public interestTask of public interest  is the

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/general-information/legal-basis - 2025-04-27

When is consent needed?In most cases you do not need to ask for consent, as personal data processing at the University is often supported by another legal basis. Nevertheless, there are instances when you do need to ask for consent, for example from people who are not actively involved in the University’s operations in situations such as:recruitment of staff and studentsadministration of lists or

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/general-information/legal-basis/consent - 2025-04-27

Article 5 of the EU’s General Data Protection Regulation (GDPR) includes general principles for how personal data is to be processed. These principles act as guidelines for how you are to process personal data. Lawfullness, fairness and transparency All processing of personal data is to be lawful, fair and characterised by transparency.Based on this principle, data subjects have the right to reque

https://www.staff.lu.se/support-and-tools/legal-records-management-and-data-protection/personal-data-and-data-protection-gdpr/general-information-and-support/general-principles-personal-data-processing - 2025-04-27

Checklists When you process personal data, you need to inform the data subject (your target group/s) about the processing regardless of whether consent or another legal basis applies. We provide checklists to help you share the required information with the data subject.Checklists as a mean for information Who are the checklists for?The following checklists are intended for use by staff and studen

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/general-information/information-data-subjects - 2025-04-27

Information and templates When is a data processing agreement required?When the University engages or collaborates with another organisation that processes personal data for which the University is responsible, a data processing agreement between the parties is to be set up. The data processing agreement is usually a separate agreement which is distinct from the agreement that regulates the conten

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/general-information/data-processing-agreements-dpa - 2025-04-27

When a person contacts you via email, you need to remember to inform the person about how the University processes personal data, while also considering how you manage and store emails. How do I provide information?You can inform the email recipient in a simple way by including the following text in your email signature:In Swedish: "När du skickar e-post till Lunds universitet behandlar vi dina pe

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/general-information/emails - 2025-04-27

What is personal data?Who is responsible for personal data processing at Lund University?When and how are you to process personal data?What is "sensitive" personal data?Does the GDPR affect how you process personal data collected before 25 May 2018?How are we to process personal data in everyday work?How are contact details for next of kin to be managed?How are you to inform the data subjects?What

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/general-information/faqs - 2025-04-27

Registration of personal data processingAll research projects that involve personal data processing are to be registered in Personal Data Lund University (PULU). This also applies if you have registered your research project previously.Above all, it is a matter of public confidence and the University’s credibility. People who participate in research projects must be able to trust that the Universi

https://www.staff.lu.se/support-and-tools/legal-records-management-and-data-protection/personal-data-and-data-protection-gdpr/area-specific-information/research - 2025-04-27

Lund University is to be a safe and secure workplace for employees, students and visitors. To achieve this, employees and students are required to follow the security procedures that apply. On the following pages you will find security information that is relevant for those who work at the University. Important aspects to consider Study the evacuation plans shown on the signs and familiarise yours

https://www.staff.lu.se/support-and-tools/security - 2025-04-27

Personal data processing in contact with students Information about processing students’ personal data can be found on education.lu.se: Personal data and data protection in education and when in contact with students  Contact Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.Do you have questions regarding

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/area-specific-information/education-student-contact - 2025-04-27

External engagement with wider society and providing information on our activities is a part of the University’s mission. This means that the legal basis for processing is that the personal data is of public interest. You are permitted to process personal data in external engagement and to inform without asking for consent, but only if this involves necessary personal data. Necessary personal data

https://www.staff.lu.se/support-and-tools/legal-records-management-and-data-protection/personal-data-and-data-protection-gdpr/area-specific-information/external-engagement-and-communication - 2025-04-27

Internal newslettersNewsletters that are sent internally only to University staff are considered part of the information they require to carry out their duties. This means you may collect contact details of internal recipients for internal newsletters without needing to ask for consent. You are also not required to provide special information to staff about doing this.External newslettersYou must

https://www.staff.lu.se/support-and-tools/legal-records-management-and-data-protection/personal-data-and-data-protection-gdpr/area-specific-information/external-engagement-and-communication/newsletters - 2025-04-27

The legal basis for processing personal data for eventsTo handle personal data, you must have a legal basis. Common legal bases for collaboration and external communication are tasks of public interest. If you're unsure about the legal basis, such as choosing between tasks of public interest and consent, please contact the data protection officer. What information do I need to provide to external

https://www.staff.lu.se/support-and-tools/legal-records-management-and-data-protection/personal-data-and-data-protection-gdpr/area-specific-information/external-engagement-and-communication/public-events - 2025-04-27

Please contact infomaster [at] eken [dot] lu [dot] se (infomaster[at]eken[dot]lu[dot]se) for information on personal data processing in financial matters.  Contact Lund University has an external Data Protection Officer; Secure State Cyber AB and the contact person at Secure State Cyber AB is Sanja Hebib.Do you have questions regarding data protection - please contact:dataskyddsombud [at] lu [dot]

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/area-specific-information/finance - 2025-04-27

Within human resources, personal data is processed for both staff and non-employees. For example, it may relate to recruitment, salary reviews or rehabilitation matters. When you process personal data within the area of human resources you must make sure you comply not only with the data protection legislation, but also other applicable laws and regulations (for example the Archives Act, and the P

https://www.staff.lu.se/support-and-tools/personal-data-and-data-protection/area-specific-information/human-resources - 2025-04-27