- Support and service
- Personal data and data protection
Personal data and data protection
Linnaeus University processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Swedish Data Protection Act (2018:218) with supplementary provisions to the EU General Data Protection Regulation).
The General Data Protection Regulation (GDPR):
- protects individuals’ rights to personal data protection
- harmonises data protection laws across the EU.
The GDPR establishes several key principles for privacy protection. These principles include lawfulness, accuracy, and transparency, which require that personal data is processed fairly and openly.
When collecting data, the principle of purpose limitation applies, meaning that data may only be collected for specific, explicit, and legitimate purposes, and any further processing must be compatible with these purposes. Another key principle is that of data minimisation, which means that only necessary data may be collected and processed. Data minimisation also means that data should not be stored for longer than necessary.
The accuracy principle ensures that data is correct and updated when necessary, and that incorrect data is rectified or deleted without delay.
Integrity and confidentiality mean that personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, as well as accidental loss, destruction, or damage, through appropriate technical and organisational measures.
By adhering to these principles, the GDPR protects individuals’ right to integrity.
Linnaeus University’s processing of personal data
As a public authority, Linnaeus University is permitted to process the personal data necessary to provide education, conduct research, and facilitate collaboration. The university must handle personal data securely and correctly, which includes protecting the data from loss, alteration, or unauthorised access.
All processing of personal data in thesis work and research must be reported to the university.
Personal data breach
If a security incident involving personal data occurs, you must immediately report it to dataskyddsombud@lnu.se. The report must be made no later than 72 hours after the organisation becomes aware of the incident. If you are unsure whether an incident has occurred, contact dataskyddsombud@lnu.se.
What is a personal data breach?
A personal data breach is an incident that results in the accidental or unlawful loss of access to processed personal data or destruction, loss, or alteration of processed personal data, or the unauthorised disclosure of or access to processed personal data.
Further information
In English: The General Data Protection Regulation (GDPR) - Integritetsskyddsmyndigheten (imy.se)
In Swedish: En introduktion till Dataskyddsförordningen - Integritetsskyddsmyndigheten (imy.se)
For more information, please contact Data Protection Officer Jesper Wokander at dataskyddsombud@lnu.se, or Information Security Coordinator Katarina Holm at katarina.holm@lnu.se.