GDPR will result in changes and more frequently clarification when it comes to how an individual's personal data is processed. Its aim is to ensure personal data is processed in a correct and legal manner so as to protect the individual.
Personal data refers to all sorts of information that can be linked to an individual person - for example, name, address, photographs, and films in all forms of media (social, website, recordings).
GDPR means a number of changes for anyone who processes the personal data of others and also means greater protection for the individual. At Dalarna University, we need to process certain personal data for our daily operations. This serves as a so-called legal basis.
How does this affect students?
The new GDPR will mean the way in which personal data is processed is clearer: for example in the case of degree projects. An application must be made and there must be a legal basis. A legal basis may involve a contract or consent.
In the case of the processing of sensitive personal data - such as ethnicity, political views, religion, philosophical conviction, membership in a union, health, sexuality - then this, just as before, will be put to Dalarna University's Research Ethics Committee for ethical review.
GDPR applies when personal data is processed completely, or partially, automatically or manually, and is linked to a searchable register. For example, with the use of databases, web surveys, social media, and sound and image recordings. The participants of these har the right to know how their personal data is processed in accordance with the demands set by GDPR.
Collected data can only be used for the purpose that is stated in the information. In cases of a study, the data must be necessary for its purpose and will not be saved longer than is necessary. When it comes to student work, therefore, collected data can in normal cases be deleted after the work has received a passing grade if there are no plans to use it in future studies (that participants have given consent for).
Apply for Processing of Personal Data
If personal data is going to be processed, then an application must always be made: you do this by completing the form "Anmälan om behandling av personuppgifter": Find this on our webpage Personuppgifter & dataskydd: Forskare. You submit this completed form to dataskydd@du.se. A legal basis in terms of student work is consent.
What is consent?
Consent is when you give permission for your personal data to be processed. You have the right to withdraw your consent. Consent should be given in writing. The University must be able to show that consent was obtained in the case of, for example, the publication of pictures.
When it comes to student work that includes personal data, consent is required. The University must have archived documentation proving consent.
Read more about GDPR on the EU website.