Personal data in independent student projects
The General Data Protection Regulation, together with a number of Swedish laws, requires that work with personal data is carried out correctly. Here is the necessary information about the steps required for the handling of personal data to be correct.
In addition to the rules that apply to personal data, depending on what you intend to process, there may be additional rules to take into account and you should therefore have an overall discussion with your supervisor and/or examiner/course coordinator about what information should be handled and plan accordingly.
For studies at basic and advanced level
This is what applies to studies at basic and advanced level at the Swedish Defence University. Start by reading "rules regarding ethics and handling of personal data in student projects Pdf, 231.5 kB.".
If you have any questions, please contact your administrator and/or examiner/course coordinator.
Collection and processing of personal data
Any information that can be directly or indirectly linked to a living person is personal data. This means that it is not only names and social security numbers that can be personal data, but also usernames, e-mail or IP addresses, biometric data, and also, for example, a voice recording. It can also be a combination of more anonymous data that together makes it possible to identify an individual.
The processing of personal data must comply with the basic principles and there must be a legal basis for the processing.
This means, among other things, that:
- the processing must be carried out in a lawful, fair and transparent manner in relation to the data subject;
- the data shall be collected for specified, explicit and legitimate purposes;
- No more personal data may be processed than is necessary for the purpose.
- the information shall be accurate and up-to-date;
- the data shall not be kept longer than necessary for the processing, and
- The data must be processed in a secure manner.
Processing of personal data
In order to comply with the requirements of the GDPR, all of the different steps below must be assessed and performed. It is the department responsible for the course that ultimately decides how these requirements are to be fulfilled and must ensure that students are well informed about the conditions that apply to the student work. Both the student and the course coordinator must be involved and know every step of the process.
It is the supervisor in dialogue with the examiner who assesses whether the personal data processing can be carried out. It is possible to adjust the purpose or deny if it becomes too complicated.
If you have any questions, please contact your administrator and/or examiner/course coordinator.