Contact
Personal data breaches must be reported through the IA system.
As data controller, SLU must be able to demonstrate that we process personal data in a manner that complies with the General Data Protection Regulation (GDPR). This means we need to keep records of all our processing operations, describing how the processing is carried out.
Four different types of processing can be registered. For each type, someone is designated as responsible for registering the processing. This does not mean that the person responsible is the person who has to register. However, those responsible must ensure that all staff at the department/division/unit know that registration is a requirement. The person responsible is also responsible for ensuring that the annual audit is carried out.
The maintenance manager of a system is responsible for registering it. ‘System’ means an IT system that stores or otherwise processes personal data. A system may have several purposes and all purposes must be stated when registering.
Processing that does not take place solely in an IT system must be registered as the type 'Other processing'. Examples of other processing include processing that takes place by storing personal data in restricted folders. Heads of department, heads of unit or administrative managers at the departments are responsible for ensuring that this type of processing is registered.
Heads of department are responsible for ensuring that research projects are registered. If a research project, at any stage, processes the personal data of research subjects, it must be registered even if the final result does not contain personal data. For example, work that includes contact details of research subjects for conducting interviews must be registered. On the other hand, projects that only contain contact details of research partners/organisations should not be registered.
Supervisors of independent projects (degree projects) are responsible for ensuring that these projects are registered if, at any stage, they involve processing personal data. This applies even if the final result does not contain personal data. For example, processing that involves contact details for conducting interviews must be registered.
Fields on the registration form marked with * are mandatory. The registration form is only available in Swedish - ask a colleague for help if necessary.
Register new processing of personal data
View registered processing of personal data
Some of the processing you do is likely part of more comprehensive processing which has already been registered. This is above all the case for processing that concerns
If you are not sure whether you need to register a processing activity, you should always register it to be on the safe side. You can find more information on the frequently asked questions page.
Sensitive personal data is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Personal data breaches must be reported through the IA system.