GDPR at LIME
The General Data Protection Regulation (GDPR, or Dataskyddsförordningen) for the processing of personal data came into force on May 25 2018 in Sweden as in all other EU countries. The regulation implies a number of changes for those who process personal data. It also implies improved rights for data subjects.
How does GDPR affect us?
We have to adjust to the new rules. There will be changes ahead.
What do we need to do?
- Document and register how we process of personal data
- Make sure that we handle personal data in a correct and secure way
- Construct a record of processing activities for the department
GDPR regulates how personal data is used. The work involved in securing that we are handling personal data in a correct and secure way is rather extensive. In order to ensure that KI complies with GDPR, a joint implementation project has been initiated.
Register processing activities of personal data
At LIME and GPH we have been using an Excel form to document processing activities. Use the template when registering the processing of personal data.
Excel template for registering personal data
Web form to register processing activities
There is also a web form available to register processing activities. Using this web form is mandatory for all processing activities and a requirement for KI to be able to fulfill its legal obligations according to GDPR.
Who is responsible for the registration and who can register in the web form?
Everyone with a KI-ID may register processing activities. The responsibility for making sure this is done is with the research group leader, Departmental Director of Education (GUA), director of doctoral education. However, it could be an advantage if an employee with knowledge of the processing activity is the one who registers them.
Continue using the Excel form as a supplement
The current version of the web form has some important limitations. It is unfortunately not possible to edit a filed documentation of a processing activity. It is also not possible to review filed documentations to get an overview of your groups processing activities. To work around these limitations we recommend you use the Excel form we have written as a complement to the web form.
We suggest the following steps when documenting processing activities of personal data:
- Fill out the Excel form and send to firstname.lastname@example.org
- The form is reviewed by Linus Askenfelt and Ludvig Andersson.
- Any suggested changes are implemented in the form.
- The information from the document is used when you submit the web form.
- The Excel document is updated with the reference number given when completing the web form.
If you have any questions, do not hesitate to contact us at email@example.com