GDPR and data processor

General Data Protection Regulation (GDPR) and data processor

On May 25, 2018, the EU General Data Protection Regulation replaced the Swedish Data Protection Act, PuL.

A data processor is someone who processes personal data on behalf of a data controller. As the data controller, the university must have an agreement (personal data assistant agreement) with each organization (the data processor) that processes personal data for which the university is responsible. Personal data assistant agreements concluded before May 25, 2018, need renegotiation to be in line with the General Data Protection Regulations requirements for such agreements.

Template

The Legal Affairs Division has developed a template Word, 52 kB. (March 2024) for personal data assistant agreements. According to a decision of the University Director, the template shall be used when the university is responsible for the personal data. The Legal Affairs Division shall review any deviations from the template before the agreement is concluded and deviations of principle importance will be referred to the University Director for special approval.

Please note that the template agreement is adopted for processors that are subject to the General Data Protection Regulation (based within the European Union). If this is not the case, contact the Legal Affairs Division for alternative personal data assistant agreement template.

Brexit

United Kingdom has been approved with an Adequcy decision by the EU in June 2021. Brexit is currently not an issue.