FAQ on the personal data process registration

According to the General Data Protection Regulation (GDPR) KI shall maintain a record of processing activities relating to personal data under its responsibility. Here you find responses to frequently asked questions on personal data process registrations according to the GDPR. If you can't find the answer to your question, please email dataskyddsombud@ki.se

Is the system to register processing activities at KI only available in Swedish?

Yes, it is only available in Swedish. There are however instructions in English here.
 

Should every individual spreadsheet that contains personal data be registered?

The registration should be done for different types processing activities concerning personal data. For spreadsheets and other types of documents that are available in many similar versions can in most cases be regarded as one processing activity and can therefore be combined and reported as one single processing activity. To combine different documents and report it as one processing activity requires that the personal data and purposes are similar in the different documents.
The research group leader is responsible for the research and are therefore also responsible for determining the level at which the registration should be made. Even though the group leader is responsible for the registration it may be delegated to someone else within the research group.

What personal data processing activities should the directors of education, doctoral education and the head of administration report?

These roles are responsible for registering personal data processing activities that are being performed outside of the KI central systems. In some situations, registration may be unnecessary, for example if the processing activity is very limited, does not process any sensitive/special categories of personal data, and will only pertain for a very short period. In hesitation, please contact dataskyddsombud@ki.se

How do I report processing of personal data?

The registration of processing of personal data will be done through an electronic form. The form that can be found here. As soon as the form is completed, this will be communicated. You can be preventative and start to describe what types of processing activities that is being carried out within your area of work even though the form is not yet completed.

MG
Content reviewer:
17-01-2024