Utskrift från Malmö universitets webbplats www.mah.se

What do you need to know about the new General Data Protection Regulation?

2017-11-24

NEW LAW. From May 25, 2018, the new General Data Protection Regulation will apply. Until then, there will be an ongoing inventory, education and planning period at the University. Now you can book a presentation of the new regulation for your research group or workplace meeting.

From May 25, 2018, the new data protection regulation, also known as the GDPR, will apply. Jesper Wokander is the University’s data protection officer leading the preparations. 

Strengthening the individual’s rights

“The background to this new regulation is the rapid technological development, especially in collecting and processing personal data, where companies like Google and Facebook have grown to some of the world's largest and most profitable companies selling personal data as their main source of income. The aim is to strengthen the protection of personal integrity and to create a uniform legal framework throughout the European Union (EU)”, says Jesper Wokander.

The protection through the Swedish Personal Data Act (PUL) has proved insufficient and the EU has therefore adopted the new data protection regulation. Any individual or organization handling personal data concerning persons within the Union, regardless if the processing of data happens within or outside the European Union, must respect the fundamental rights and freedoms of people, and their rights to the protection of personal data in particular.

“Generally speaking, the new legislation is not a problem for academia, it is primarily aimed at actors who buy and sell personal data for commercial purposes.”

Ongoing preparations

During this autumn and onward, an outreach activity is conducted to spread knowledge and provide assistance and support in the adaptation process regarding personal data in administration, education and research.

“There will mainly be new requirements on how we handle the personal data. In other words, we can conduct our research as before but face new requirements regarding the collection and management of research materials containing personal data", says Jesper Wokander.

What will change?

One of the requirements is that we must organise records of all the data processing activities that take place within the University and be able to provide them when someone asks. Another requirement is information to the registered person, where we must state clearly what information we collect and for what purpose. To ensure that we follow the requirements, the fines are greatly increased, with a maximum amount of € 20,000,000.

"This amount is of course not what we will be fined at first, the fine is supposed to be effective and dissuasive so that we do not take it lightly", says Jesper Wokander.

Book a presentation

The University has produced a presentation describing the background to the new data protection regulation, how it works, and what it actually means for us. The presentation can be booked to department meetings, and similar occasions when you are a group needing more information and the opportunity to ask questions. Normally the presentation takes 30-40 minutes depending on the amount of questions, and it can be booked by contacting Jesper Wokander.

"There are many private consultants approaching employees to sell courses, but for most of you they are not necessary. The General Data Protection Regulation may seem difficult and scary, but it’s better than its reputation!”

Text: Johanna Svensson