Data that contains personal information has to be handled according to certain regulations, note that:
- all handling of personal information must to be reported to the university’s personal data protection officer.
- informed consent is usually a requirement when you collect personal data. Read more about personal data and written consent on the Lund University Staff Pages.
- sensitive information such as interviews (audio files and transcriptions), survey responses, and consent documents, should be stored in a secure location. For example, use a strongbox or on secure server space.
- It must be decided how codes, de-identification of data, and encryption keys are to be managed.
The new General Data Protection Regulation (GDPR) that takes effect 25th May 2018, sets stricter requirements on how personal data may be managed at the university. The team that has worked to prepare the university for this transition, has compiled an FAQ that addresses many practical implications once the regulation takes effect.