Contact
Personal data breaches must be reported through the IA system.
Register the processing of personal data
Last changed: 15 November 2024
As data controller, SLU must be able to demonstrate that we process personal data in a manner that complies with the General Data Protection Regulation (GDPR). This means we need to keep records of all our processing operations, describing how the processing is carried out.
Responsibilities and types of processing
Four different types of treatment can be registered. The following describes how the responsibilities for the different types are divided. This does not imply that the person responsible is the person who must register new processing operations. However, the person responsible must ensure that all staff within the department/division/unit are aware that new processing must be registered. The person responsible is also responsible for ensuring that the annual audit is carried out.
System
The information owner is responsible for registering it. ‘System’ refers to IT systems that store or otherwise process personal data. A system may have multiple purposes, and all of them must be stated when registering.
Other processing
Processing that does not take place solely in an IT system must be registered as the type 'Other processing'. Examples of other processing include processing that takes place by storing personal data in restricted folders. Heads of department, heads of unit or administrative managers at the departments are responsible for ensuring that this type of processing is registered.
Research projects
Heads of department are responsible for ensuring that research projects are registered. If a research project, at any stage, processes the personal data of research subjects, it must be registered even if the final result does not contain personal data. For example, work that includes contact details of research subjects for conducting interviews must be registered. On the other hand, projects that only contain contact details of research partners/organisations should not be registered.
Independent projects
Supervisors of independent projects (degree projects) are responsible for ensuring that these projects are registered if, at any stage, they involve processing personal data. This applies even if the final result does not contain personal data. For example, processing that involves contact details for conducting interviews must be registered.
Processing that does not need to be registered
The procedures for registering personal data processing list the types of processing that do not need to be registered.
Register new processing or view registered processing
Fields on the registration form marked with * are mandatory. The registration form is only available in Swedish - ask a colleague for help if necessary.
Register new processing of personal data
View registered processing of personal data
Links
- Questionnaire in English for registering the processing of personal data
- Terms and concepts in personal data processing