General Data Protection Regulation (GDPR)

On 25 May 2018, the General Data Protection Regulation (GDPR; Swedish: dataskyddsförordningen, DSF) came into force, replacing the Personal Data Act (Swedish: personuppgiftslagen, PUL).

This brought with it significant changes in terms of how personal data were handled. The aim was to reinforce the right to privacy and to adapt legislation on how to handle personal data to the digital society. Another aim was to harmonise EU legislation in this field, thus facilitating information flow within (but not from) the EU.

As a consequence of the new legislation, all organisations, including Linnaeus University, need to handle and record personal data in a more stringent way than before, and to provide anyone who is registered in some way with clearer and more comprehensive information. 

The GDPR in brief

The new legislation places high demands on the university in terms of how personal data should be handled, but it also provides clearer guidelines as regards the handling of data and responsibility. Among other things, the GDPR involves:

  • data minimisation – collection and processing of data shall be limited to what is necessary;
  • storage limitation – personal data must only be stored for the amount of time necessary;
  • increased focus on the integrity and confidentiality of personal data;
  • accountability – GDPR compliance must be documented;
  • transfer to third country – data can only be transferred to third countries in compliance with legislation.

GDPR does not affect

  • the current Ethical Review Act;
  • the Freedom of the Press Act;
  • the Fundamental Law on Freedom of Expression;
  • the Public Access to Information and Secrecy Act

What is personal data?

Personal data is information that relates to a living individual, such as, for instance:

  • Names
  • Personal identity numbers
  • Photos
  • Audio recordings
  • Registration numbers

Sensitive personal data

Sensitive personal data is personal data pertaining to

  • health,
  • ethnicity,
  • political opinions,
  • sexual orientation

Coming up

An in-depth course package for students, researchers, administrative staff and teachers is under development in MyMoodle. More information will follow shortly; keep a lookout on the staff pages! In the meantime, further information can be found here: The General Data Protection Regulation (GDPR) - Integritetsskyddsmyndigheten (imy.se)

For more information about GDPR

Contact data protection officer (dataskyddsombud@lnu.se) Mattias Bengtsson.