Contact
Personal data breaches must be reported immediately in the IA system.
As data controller, SLU must be able to demonstrate that we process personal data in a manner that complies with the General Data Protection Regulation (GDPR). This means we need to keep records of all our processing operations, describing how the processing is carried out.
Four different types of treatment can be registered. The following describes how the responsibilities for the different types are divided. This does not imply that the person responsible is the person who must register new processing operations. However, the person responsible must ensure that all staff within the department/division/unit are aware that new processing must be registered. The person responsible is also responsible for ensuring that the annual audit is carried out.
The information owner is responsible for registering it. ‘System’ refers to IT systems that store or otherwise process personal data. A system may have multiple purposes, and all of them must be stated when registering.
Processing that does not take place solely in an IT system must be registered as the type 'Other processing'. Examples of other processing include processing that takes place by storing personal data in restricted folders. Heads of department, heads of unit or administrative managers at the departments are responsible for ensuring that this type of processing is registered.
Heads of department are responsible for ensuring that research projects are registered. If a research project, at any stage, processes the personal data of research subjects, it must be registered even if the final result does not contain personal data. For example, work that includes contact details of research subjects for conducting interviews must be registered. On the other hand, projects that only contain contact details of research partners/organisations should not be registered.
Supervisors of independent projects (degree projects) are responsible for ensuring that these projects are registered if, at any stage, they involve processing personal data. This applies even if the final result does not contain personal data. For example, processing that involves contact details for conducting interviews must be registered.
The procedures for registering personal data processing list the types of processing that do not need to be registered.
Fields on the registration form marked with * are mandatory. The registration form is only available in Swedish - ask a colleague for help if necessary.
Register new processing of personal data
View registered processing of personal data
Personal data breaches must be reported immediately in the IA system.