Search

Other search services

Courses and programmes Syllabus Welcome letters Staff Job vacancies

List of research projects

Register list according to GDPR (Article 30) – for you as a researcher

When a research project processes personal data (e.g. about participants, patients, interviewees or contact persons), the project's processing of personal data must be documented in our register list (Article 30 GDPR).

What is the register list?

The register list is an internal overview that describes how and why we process personal data. It does not contain the personal data itself, but metadata about the processing (e.g. the categories of data, recipients and how long the data is stored).

Why do we need this?

The register list is part of the GDPR's requirements for accountability and must be able to be presented when necessary (e.g. when audited by the Swedish Authority for Privacy Protection).

When should I register my project?

You must register the project if it involves the processing of personal data, for example:

  • recruitment of participants (including only contact details);
  • collection via survey/interview/observation,
  • extracting records or other data imports;
  • coding/pseudonymisation (is still personal data as long as someone can provide feedback);
  • Sharing with partners or using external services (e.g. cloud or analytics services).

Usually, each research project is registered separately. In some cases, several projects can be brought together in a joint group if the personal data processing is the same and the purpose can be described in sufficient detail.

This is how you do it with us

We document the register list in DraftIt.

  1. Contact researchdata@miun.se for login
  2. When you have received login - choose the correct template "Research project - Mid Sweden University"
  3. Fill in the project details and save.

What you need to have ready when you fill in

  • Title of the project and brief description of purpose (what is the purpose of the processing in the project?)
  • Tick whether an impact assessment under Article 35 has been carried out
  • Make an estimate of the number of registered
  • Categories of data subjects (e.g., study participants, patients, employees, students)
  • Tick the legal basis, in research projects it is usually in the public interest
  • Fill in information if there is a data processor
  • Categories of personal data (e.g. contact details, background data, health data, pnr)
  • Indicate whether information has been provided to the data subjects
  • Planned retention/deletion time and where data is stored
  • Sources and recipients (e.g. partner, supplier/assistant, system supplier)
  • If data is processed/stored in services outside the EU/EEA or if data is shared internationally
  • Overall security measures 

Update on changes

The register entry must be updated if the project changes, e.g. if you start collecting new data, change storage solution or add new partners/assistants.

Need help?

Contact dataskyddsombud@miun.se if you are unsure how the project should be registered.

The page was updated 3/19/2026

Content owner:

Digitalization and Services (DOS)