The General Data Protection Regulation requires a legal basis for all processing of personal data. Individuals are given greater control over their personal data in various ways. Their right to access data that they have submitted themselves is strengthened, as is the possibility of having information corrected or being forgotten and having information erased. All processing of personal data must comply with the fundamental principles specified in the GDPR.
The GDPR applies to everyone who processes personal data, so it applies to the organisation that is the personal data controller and to anyone processing personal data on behalf of another entity, the personal data processor. Essentially, the GDPR covers all processing of personal data, whether by companies, associations, public authorities or private individuals. The organisation is responsible for compliance and must be able to show that the regulations are being followed. SciLifeLab is a national resource and a collaboration between universities, so the specific guidelines from each university should be followed. To facilitate your compliance with the GDPR, general information has been collected below.
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law. Examples of personal data are: name and surname, home address, email address, Internet Protocol (IP) address, genetic data, data concerning health.
Personal data processing is legal if there is valid consent for the processing or if the processing is necessary to fulfil a contract or a legal obligation. It is also legal if the processing is needed to carry out a task in the public interest or in the exercise of official authority vested in the controller. More explicitly, the legal bases are:
The GDPR also has implications for how research data is handled. Therefore, a new legal framework will be presented during 2019. Read the interim report here (in Swedish).