This is an old revision of the document!
All the information that can be linked to a natural person is considered personal data. Please see the definition of the Swedish Data Protection Authority:
Specifically, for example, data such as
may be personal data if they, either separately or together in combination, may be linked to a natural person.
In Sweden, the handling of personal information is regulated in the data protection regulation (DSF) that supersedes the previous personal data act (PUL). DSF is based on EU directives for the handling of personal data (GDPR).
All processing of personal data is covered by the rules of the DSF, including electronic processing1). An important basic rule in the DSF is that personal data must not be spread further without restrictions, and those handling personal data must take the necessary measures to ensure that this does not happen.
One example where it is important to keep track of the spread of personal data, is in electronic handling and saving and storing of documents. Working drafts containing personal data may, for example, only be stored on those cloud services online that are fulfilling the requirements of the DSF by agreement. LU Box and Office 365 / OneDrive meets those requirements, but not Dropbox, iCloud, and many other popular cloud services. Please see cloud services for a comparison.
In a very similar way, this also applies to other services that store personal data outside of the university. Doodle, a free online service for creating polls, stores personal data outside of the university and does not have a contract with the university, and is therefore not allowed from a personal data perspective.
It is okay to store personal data on servers owned by the university, such as the university SharePoint or file servers at your office or department, provided that the management of those data otherwise meets the requirements of the DSF.
At the following page you will find useful information in English from the Swedish Data Protection Agency: