This is an old revision of the document!
All the information that can be linked to a natural person is considered personal data. Please see the definition of the Swedish Data Protection Authority:
Specifically, for example, data such as
may be personal data if they, either separately or together in combination, may be linked to a natural person.
In Sweden, the handling of personal information is regulated in the personal data act (PUL). This is based on EU directives for the handling of personal data.
All processing of personal data is covered by the rules of the PUL, including electronic processing1)). An important basic rule in the PUL is that personal data must not be spread further without restrictions, and those handling personal data must take the necessary measures to ensure that this does not happen.
One example where it is important to keep track of the spread of personal data, is in electronic handling and saving and storing documents. Working drafts containing personal data may, for example, only be stored on those cloud services online that are fulfilling the requirements of the PUL by agreement. LU Box and Office 365 / OneDrive meets those requirements, but not Dropbox, iCloud, and many other popular cloud services. Please see cloud services for a comparison.
It is also okay to store personal data on servers owned by the university, such as the university SharePoint or file servers at your office or department, provided that the management of those data otherwise meets the requirements of the PUL.
At the following page you will find useful information in English from the Swedish Data Protection Agency: