1.4 Registration

The university is also required to keep track of the personal data processing in progress, and this is done by establishing records of all processing activities (Anmälan om personuppgiftsbehandling). The person responsible for the processing is required to register it in the records where the following information is noted:

  • the identity and contact details of the controller, the data protection officer and, where applicable, of the controller’s representative,
  • the purpose of the processing,
  • a description of the categories of data subjects and of the categories of personal data,
  • the recipients or categories of recipients of the personal data,
  • any transfer of personal data to a third country and information about suitable safeguards applied by the recipient
  • if possible, when the data will be erased and
  • if possible, a description of the safeguards of the processing (both technical and administrative).

It is necessary for the person responsible for processing personal data (for example, the owner of one of the systems or digital services of the university or the person who process personal data, for example in the course of his/her research) to know the permitted grounds, the duty to provide information and follow the principles and register the processing whereas for those who work with a personal data processing system it is important to have knowledge of what is applicable and to follow the instructions.