1.5 Roles and responsibilities

For all personal data processing, from an individual student's thesis work to research projects and administrative systems, there is one controller who is responsible for the processing carried out within the university, the university. It is Linnaeus university which is ultimately responsible for all the processing of personal data that occurs within the scope of the university. On some occasions, the processing of personal data is carried out with the help of a third party, and this acts as a processor. The relationship between the processor and the controller must be governed by a written agreement, and the processor may not independently process information obtained from the university. In the case of an error, both personal data administrators and personal data administrators may be subject to administrative fines which are suggested by Datainspektionen (the Swedish Data Protection Authority) and decided by the court. Administrative fines shall be effective, proportional and dissuasive and may be very high. Datainspektionen is the supervisory authority and thus responsible for reviewing our processing of personal data and handling complaints from data subjects.

At the university there is also a Data Protection Officer who examines the processing internally but also serves as aid and support to the university. The Data Protection Officer shall also be available to handle questions and complaints from data subjects and can be contacted via dataskyddsombud@lnu.se . As an individual employee, you are expected to handle personal data correctly and have knowledge of the rules that apply to your particular duties.