General Data Protection Regulation

General Data Protection Regulation (GDPR) – how it works

The General Data Protection Regulation (which entered into force on 25 May 2018) has significant consequences for the way we process personal data in our activities. We have to provide clear information about who is responsible for all processing of personal data, e.g. storage, communication and calculations, and how this is organised.

 

We are still allowed to process personal data, but there has to be a clearly specified purpose, the processing must be necessary for the purpose and there must be a lawful basis for the processing. All personal data must be protected using technical and other measures.

 

Personal data processing must be notified and recorded centrally. You will find links for this under point 5 below.

Data protection policy – here you can read about how Uppsala University processes personal data.

 

Further information about:

  1. Personal data and sensitive personal data

  2. Processing of personal data

  3. Lawful/legal basis

  4. Personal data processing in different activities. Information to follow shortly.

  5. Notification of personal data processing

  6. Technical safeguards

  7. Individuals’ rights

  8. Brexit

  9. Contact details

1a. Personal data

Any information relating to an identified or identifiable person, e.g.:

  • a name

  • an identification number

  • location data or an online indicator

  • one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

1b. Sensitive personal data

  • Racial or ethnic origin.

  • Political opinions.

  • Religious or philosophical beliefs.

  • Trade union membership.

  • Health.

  • Sex life or sexual orientation.

  • Genetic data.

  • Biometric data that uniquely identify a person.

2. Processing of personal data

‘Processing’ means anything done with personal data, e.g. collection, recording, storage, adaptation, dissemination.
 

3. Lawful basis

All processing of personal data must have a lawful basis (a legal ground). There are six lawful bases:

  1. Consent: must be informed, freely given and given by a positive action.

  2. Contract: to perform a contract or at the request of the data subject before entering into a contract.

  3. Legal obligation: if the processing of personal data is necessary to comply with other legal provisions.

  4. Protection of vital interests: if the processing is necessary to protect someone’s vital interests (e.g. in health care).

  5. Task carried out in the public interest or in the exercise of official authority: if the purpose of the processing is deemed to be of public interest (e.g. research, studies) or if the processing is necessary in the work of a public authority.

  6. Legitimate interests (balance of interests): if legitimate interests in processing outweigh the interest of protecting an individual’s rights. (This basis cannot be used by a public authority when performing its official tasks.)

4. Personal data processing in different activities

The introduction of the GDPR means that everyone who processes personal data must review their procedures and consider how they can best look after the rights of the people whose personal data they are processing. This does not mean that personal data processing is no longer allowed. Personal data may be processed as long as it is done in the right way.

You may process personal data if the processing meets all the following criteria:

  • The processing is necessary. (The task cannot be performed without personal data.)

  • The processing has a lawful basis.

  • The processing complies with the general principles.

  • The processing is protected by organisational and technical safeguards.

If you would like to find out more about this, read the information in the roles listed below. Do have a look at the information in role descriptions other than your own. The more knowledge we can spread about the GDPR, the better we can protect individuals’ rights.

  • Head of division/head of department

  • Doctoral student

  • Financial administrator (staff in financial administration)

  • Email user

  • Teacher

  • Human resources administrator

  • Course administrator – information to follow shortly.

  • Student – information to follow shortly.

  • Systems manager – information to follow shortly.

  • Communications officer – information to follow shortly.

5. How to provide notification of personal data processing

There are two types of processing. Fill in the right form for registration centrally in the University’s main register (W3D3). The notifications will then be compiled into reports for statistical purposes and other follow-up.

  1. The University is the controller: provide notification of your personal data processing here.

  2. The University is processing personal data on behalf of another entity: provide notification that you are processor here.

  3. If you would prefer to register your processing of personal data in English: please use this link.

6. Information security

Personal data processing must be protected by technical and other measures, depending on the consequences that a loss of information, for example, would have.

Information classification is one method you can use to determine what level of protection is necessary and sufficient. More about information security.
 

7. Rights of data subjects

The GDPR provides data subjects with certain rights. In brief, data subjects must be given control over their own data by receiving information about if, when and how their personal data are processed. The GDPR strengthens these rights compared with the Swedish Personal Data Act. In certain cases, data subjects have the right to have their data rectified, erased or blocked. They can also receive their personal data or transfer them to another controller. If you want to exercise your rights, see the contact details below.
 

8. The United Kingdom’s exit from the European Union (EU)

The United Kingdom was granted an adequacy decision by the EU in June 2021. Brexit is currently not an issue.

 

If you have general questions about processing of personal data and Brexit, you can put these to the Data Protection Officer: dataskyddsombud@uu.se

 

If you have questions about an existing or planned data processing agreement with a party in the UK, you can put these to the Legal Affairs Division: juravd@uadm.uu.se

 

9. Contact details

If you need any help, you are welcome to contact the data protection officer, preferably using the questionnaire.

Contact the data protection officer at Uppsala University by email at dataskyddsombud@uu.se

 

Content owner: dataskyddsombud@uu.se 20 June 2022

Content owner: Åsa Isacson 20 May 2021
