Search

Other search services

Courses and programmes Syllabus Welcome letters Staff Job vacancies

Checklist ‑ handling of students' personal data

Checklist

This checklist is for you who are employed at Mid Sweden University and handle students' personal data in your professional role. The checklist is based on the General Data Protection Regulation (GDPR) and is supplemented with regard to common situations in the university environment. 

 

 On October 1, 201 Basic principles

  • Personal data may only be processed if there is a legal basis (e.g. legal obligation, public interest, contract).
  • The processing must be appropriate, necessary and proportionate.
  • The data may only be used for the purpose for which it was collected.
  • Personal data may not be used for new purposes without consent or other legal basis.

2. Communication

  • Use the student's official email address for all contact.
  • Do not send personal data via unencrypted email.
  • Never share the student's contact information with others without consent.

3. Documents and submissions

  • Use only approved LMS for submissions and feedback.
  • Do not post personal information (e.g. name + results) on message boards or in mailing lists.
  • Clear out submissions with sensitive information after the case is closed.

4. Attendance and grades

  • Document attendance and grades according to internal procedures.
  • All grade communication must take place via the university's secure system.

 On October 5, 201 Storage and thinning

  • Only store data in secure, approved systems.
  • Do not use private email or USB sticks for storage.
  • To delete documents according to established disposal procedures.

6. Extradition

  • Do not disclose information about students to other students, staff or external actors without a valid basis.
  • There are exceptions, such as CSN or cheating investigations.

7. Sensitive data

  • Handle sensitive data (e.g. health, religion, trade union membership) very restrictively.
  • Only authorised personnel may access such data.

8. Recording of meetings, lectures and seminars

  • Inform the participants in advance if the recording is taking place and for what purpose.
  • Specify whether the recording is stored, for how long, and who can access it.
  • Consent is required if the recording includes identifiable participants and is to be used in contexts other than teaching.
  • Avoid recording students' contributions to discussions unless necessary.


Do not hesitate to contact the Data Protection Officer if you have any questions or uncertainty.

The page was updated 3/19/2026

Content owner:

Digitalization and Services (DOS)