The Privacy and Data Protection Function (IDF) supports and reviews activities related the processing of personal data. Our task is to ensure that SLU processes personal data in accordance with the General Data Protection Regulation (GDPR) and Swedish data protection legislation.
IDF consists of employees from Legal Affairs, the Division of IT and SLU Security. Contact information can be found at the bottom of the page.
Our tasks include the following:
Advice and support
We can answer questions on protecting personal data and adjoining legal issues such as camera surveillance and photographing people.
We ensure that SLU complies with data protection legislation. This means that we conduct audits, similar to those conducted by the internal auditors. If processing does not comply with legislation, we can demand that measures be implemented. If processing is not well-documented, we can also require that this is remedied.
We manage the register of all personal data processing carried out at SLU.
If you are responsible for data processing, you must register this by emailing email@example.com.
Risk and impact assessments
When personal data processing is carried out at SLU, a risk assessment must be made in regard to how processing personal data may affect the subjects of the processing. If it turns out that processing someone's personal data involves risks to their freedoms and rights, this must be reported to us. We then make an impact assessment of the planned processing.
We work strategically to ensure that SLU's planned operations follow data
protection legislation, and that the data protection culture at SLU is
satisfactory in general. This can for example concern procurements, purchasing or development of new IT systems or operation development.
We provide training for SLU staff on the regulations that control how we process personal data within our operations.
You can contact us with issues concerning data protection, personal data and privacy.
We investigate any personal data breaches that occur within SLU operations and report them to the university management and the Swedish Data Protection Authority.