User Tools

Site Tools


en:personal_data

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
en:personal_data [2015-07-03 17:52]
cr created
en:personal_data [2019-06-25 14:33] (current)
cr [More Information]
Line 3: Line 3:
 ===== Personal Data ====== ​ ===== Personal Data ====== ​
  
-All the information that can be linked to a natural person is considered //personal data//​. ​See Data Inspectorate'​s ​definition:+All the information that can be linked to a natural person is considered //personal data//​. ​Please see the definition ​of the Swedish Data Protection Authority:
  
-http://​www.datainspektionen.se/​fragor-och-svar/​personuppgiftslagen/​vad-ar-en-personuppgift/​+  * http://​www.datainspektionen.se/​fragor-och-svar/​personuppgiftslagen/​vad-ar-en-personuppgift/ ​(definition in Swedish)
  
-Concretely, for example, data+Specifically, for example, data such as
  
-  * Name +  ​* Name 
-  * E-mail address +  * E-mail address 
-  * Computer ​Identity +  * Computer ​identity 
-  * Civic +  * Civic status 
-  * Shoe Size+  * Shoe size
  
-be personal data if they either separately or togetherin combination ​so that the information can be linked to a natural person.+may be personal data if theyeither separately or together in combination, may be linked to a natural person.
  
-In Sweden, the handling of personal information in the Personal Data Act (PUL). ​This is based on EU directives for the handling of personal data.+In Sweden, the handling of personal information ​is regulated ​in the data protection regulation (DSF) that supersedes the previous personal data act (PUL). ​DSF is based on EU directives for the handling of personal data (GDPR).
  
-All processing of personal data covered by the rules of the PULso even electronic ​hantering((http://​www.datainspektionen.se/​fragor-och-svar/​personuppgiftslagen/​vad-menas-med-behandling-av-personuppgifter-enligt-personuppgiftslagen/​)). An important basic rule in the PUL is that personal data must not be applied without ​further ​ado and to the handling ​of personal data shall take the necessary measures to ensure that this does not happen.+All processing of personal data is covered by the rules of the DSFincluding ​electronic ​processing((http://​www.datainspektionen.se/​fragor-och-svar/​personuppgiftslagen/​vad-menas-med-behandling-av-personuppgifter-enligt-personuppgiftslagen/ ​(in Swedish) ​)). An important basic rule in the DSF is that personal data must not be spread ​further ​without restrictions, ​and those handling personal data must take the necessary measures to ensure that this does not happen. 
 + 
 +One example where it is important to keep track of the spread of personal data, is in electronic handling and saving and storing of documents. **Working drafts containing personal data may, for example, only be stored on those [[cloud services]] online that are fulfilling the requirements of the DSF** by agreement. [[Box|LU Box]] and [[Office 365]] / [[OneDrive]] meets those requirements,​ but **not** [[Dropbox]],​ iCloud, and many other popular cloud services. Please see [[cloud services]] for a comparison. 
 + 
 +In a very similar way, this also applies to other services that store personal data outside of the university. [[Doodle]], a free online service for creating polls, stores personal data outside of the university and does not have a contract with the university, and is therefore **not** allowed from a personal data perspective. 
 + 
 +It is okay to store personal data on servers owned by the university, such as the university [[SharePoint]] or [[explorer|file servers]] at your office or department, provided that the management of those data otherwise meets the requirements of the DSF. 
 + 
 +At the following page you will find useful information in English from the Swedish Data Protection Agency: 
 + 
 +  * http://​www.datainspektionen.se/​in-english/​cloud-services/​ 
 + 
 + 
 +===== More Information ===== 
 + 
 +==== Online education about GDPR and personal data at higher education in Sweden ==== 
 + 
 +  * https://​canvas.education.lu.se/​enroll/​TMGEML 
 + 
 +==== More information on the LU web ==== 
 + 
 +  * https://​www.staff.lu.se/​support-and-tools/​legal-and-records-management/​personal-data-and-data-protection 
 +  * https://​www.staff.lu.se/​support-and-tools/​legal-and-records-management/​personal-data-and-data-protection/​general-information-and-support/​general-principles-for-personal-data-processing 
 +  * https://​www.staff.lu.se/​support-and-tools/​legal-and-records-management/​personal-data-and-data-protection/​general-information-and-support/​data-processing-agreements
  
-One example where it is important to keep track of the spread of personal data in electronic handling and saving and storing documents. ** Working document containing personal data may for example only be stored on the [[cloud services]] Online meeting the requirements of the PUL ** by agreement. [[Box | LU Box]] and [[Office 365]] / [[OneDrive]] meets the requirements,​ but ** not ** [[Dropbox]],​ iCloud, and many other popular cloud services. See [[cloud services]] for a comparison. 
  
-It is also okay to store personal data on servers owned by the university, such as the university [[SharePoint]] or file servers in your office or your department, provided that management otherwise meet the requirements of the PUL. 
en/personal_data.1435938738.txt.gz · Last modified: 2015-07-03 17:52 by cr