Table of contents
- What is Microsoft 365?
- Why Microsoft 365?
- What will be affected by the change?
- Who is affected by the change?
- Are there any risks with Microsoft 365?
Practical information about the transition to Microsoft 365
- When do my preparations need to be completed?
- What happens if I am not finished by 1 April?
- When will the transition to Microsoft 365 take place?
- Will I be able to work while the transition is in progress?
- Is there a risk of data loss during the transition?
- Where can I turn if I need help?
- What is sensitive personal data?
- How should I notify my manager/colleagues when I am ill?
- How do I submit a medical certificate securely?
- What is meant by confidential information?
- What should I do if I am unsure whether information is confidential?
- Which emails must be moved or deleted?
- Am I allowed to delete all old emails?
- How can I send sensitive information securely?
- Which documents must be moved and where should I store them?
- Where should I store sensitive documents that need to be shared with others?
- Is there a backup of my documents?
About Microsoft 365
What is Microsoft 365?
Microsoft 365 is a cloud-based platform for work and collaboration. It brings together email, file management, meetings and collaboration spaces in tools such as Outlook, Teams, SharePoint and OneDrive, making it easy to work securely – both individually and together with others.
Cloud-based means that applications, files and storage are located on servers on the internet rather than on your own computer or on a local server.
This means that you:
-
can access your work wherever you are, as long as you have an internet connection,
-
receive automatic updates and backups,
-
can collaborate with others in real time.
Why Microsoft 365?
It has been decided that SLU will move email, documents and collaboration spaces to Microsoft 365 in order to provide a modern and secure digital platform for collaboration and communication. The aim is to bring our tools together in a shared environment that makes it easier to collaborate, share information and work flexibly, both on campus and remotely.
What will be affected by the change?
SLU’s email, documents and collaboration spaces will be moved to Microsoft’s cloud-based platform Microsoft 365. As a member of staff, you need to be aware of where confidential information and sensitive personal data should be stored. Read more about secure storage in our 3-step guide.
Who is affected by the change?
All staff and students at SLU are affected.
Are there any risks with Microsoft 365?
Cloud services are fundamentally secure and efficient. Microsoft 365 offers stronger protection against data loss, unauthorised access and service disruptions than the current solution.
Questions are sometimes raised about US legislation and the possibility for US authorities to request access to data held by American cloud providers such as Microsoft. In practice, this is very rare and applies only in specific circumstances, such as serious criminal investigations or matters relating to national security.
For everyday work and normal operational information, the use of Microsoft 365 does not entail any increased risk. The services are widely used by Swedish public authorities and are subject to EU data protection regulations.
By following SLU’s guidelines for secure storage, we ensure that the right information is handled in the right place – and that sensitive or protected information is not stored in cloud services where it does not belong. Read more about secure storage in our 3-step guide.
Practical information about the transition to Microsoft 365
When do my preparations need to be completed?
If you have saved emails or documents containing confidential information or sensitive personal data in cloud services such as Outlook, SharePoint, Teams or OneDrive, you must delete or move them no later than 1 April 2026.
What happens if I am not finished by 1 April?
From a legal perspective, SLU as a public authority holds the ultimate responsibility for ensuring that confidential information and sensitive personal data are handled and stored correctly.
At the same time, each member of staff has a personal responsibility to comply with applicable legislation and internal guidelines. Intentional or negligent breaches of the rules governing the handling of confidential information may lead to disciplinary measures and, in some cases, criminal liability, for example in cases of breach of confidentiality.
The legal requirements are not new. You are already expected to handle sensitive information in a secure and appropriate manner. In connection with the transition to Microsoft 365, we therefore wish to reiterate what applies and ensure that information continues to be handled in accordance with legislation and internal policies.
When will the transition to Microsoft 365 take place?
The transition will take place in stages. You will receive an email with information well in advance of the migration in your part of the organisation.
Will I be able to work while the transition is in progress?
The transition to Microsoft 365 is planned so that you will be able to work as normal. Any service interruptions will be communicated well in advance and kept as short as possible.
Is there a risk of data loss during the transition?
The aim and plan are for the transition to take place safely, in a structured manner and with full control. To ensure this, IT security, Legal and Information Security are all closely involved in the process.
Back-ups and established procedures are in place to protect the information. Should anything unexpected occur, there are both technical solutions and support resources available to restore data.
Where can I turn if I need help?
You can contact support@slu.se if you need practical assistance.
Sensitive personal data
What is sensitive personal data?
Sensitive personal data is information that is subject to particularly strong protection under the General Data Protection Regulation (GDPR). This includes information relating to:
-
health,
-
trade union membership,
-
genetic data and biometric data used to identify a person,
-
ethnic origin,
-
political opinions,
-
religious or philosophical beliefs,
-
a person’s sex life or sexual orientation.
How should I notify my manager/colleagues when I am ill?
If you wish to notify illness in a secure way, we recommend that you call. You may also continue to send, for example, an email or chat message stating that you are ill without providing details, but this should be a conscious decision on your part. You must of course continue to register sickness absence in Primula so that you receive the correct pay.
How do I submit a medical certificate securely?
You must submit medical certificates via Primula. Under My Page, you will find Attach file / medical certificate.
Note: Do not forget to delete any email to which a medical certificate has been attached.
Confidential information
What is meant by confidential information?
For a public authority such as SLU, confidential information refers to information that, under the Swedish Public Access to Information and Secrecy Act (OSL), may not be disclosed, as disclosure could cause harm to individuals, the organisation or society.
Examples of information that may be subject to confidentiality include:
-
personal data where disclosure could be detrimental to the individual, for example in staff or student matters,
-
research data that has not yet been published and where disclosure could harm the research or collaborations,
-
information relating to animal husbandry, disease control or security where dissemination could have negative consequences,
-
contractual and procurement information relating to business or competitive interests,
-
security-sensitive information, for example concerning premises, systems or protective measures.
What should I do if I am unsure whether information is confidential?
When in doubt, err on the side of caution and store the information locally on SLU’s server. You can read more about confidentiality on the Staff Web or contact SLU’s legal advisers at juridik@slu.se for guidance
Email management
Which emails must be moved or deleted?
Emails containing confidential information or sensitive personal data must either be deleted, saved on the local server, or moved to a secure folder in Outlook. Read more about this in our 3-step guide.
Note: This is something you need to do on an ongoing basis.
Am I allowed to delete all old emails?
No, you may not delete emails indiscriminately, but Outlook must also not be used as an archive. This means that regular deletion and review are required.
The principle of public access is a collective term for the public’s right to insight into the activities of public authorities. However, this does not mean that all information created or received by an authority must be retained. What must be preserved is regulated by archival legislation and SLU’s governing documents.
You may delete emails that contain:
-
information of minor importance,
-
meeting invitations and calendar bookings,
-
practical messages such as “Are you coming at 10?” or “Thanks!”,
-
private messages.
You must archive/save emails that contain:
-
decisions and approvals that are not registered in the official records,
-
instructions, orders and agreements,
-
documentation relating to cases,
-
communication with external parties that affects operations.
How can I send sensitive information securely?
When you need to send sensitive personal data, confidential information or large files, you must use ZendTo, SLU’s secure file transfer service. To start using the service, you need to register via support@slu.se. The service is then available at zendto.slu.se.
Document management
Which documents must be moved and where should I store them?
If you have saved documents containing confidential information or sensitive personal data in cloud services such as Outlook, SharePoint, Teams or OneDrive, you must delete or move them to SLU’s local server. Read more about this in our 3-step guide.
Note: This is something you need to do on an ongoing basis.
Where should I store sensitive documents that need to be shared with others?
Documents that need to be shared with others (a group with a limited number of SLU users) must be stored in a location called Restricted, which is ordered via IT:
-
Go to support.slu.se
-
Click Servers & Storage Services
-
Select Storage Services
-
Choose Group storage – Restricted folder and follow the instructions
When ordering, specify which users should have access to the storage area.
You will then find your Restricted folder under Favourites in File Explorer. MacOS users must add it manually in Finder.
Is there a backup of my documents?
If individual files are damaged or deleted on SLU’s local server, we can restore them from several points during the day. If the entire storage solution were to suffer a hardware failure, we can restore all data from the most recent nightly copy.
For files saved in OneDrive, SharePoint and Teams, there is a built-in and advanced version history. This means that you can easily revert to earlier versions of a file yourself if needed. Work is currently underway to ensure a local backup of the Microsoft 365 environment, as an additional safeguard should the services, against all odds, become unavailable to us.
Please note: No backup is taken of files saved on your Desktop or locally on your computer (C: drive).