Understanding personal data laws and admission
It’s easy to read about GDPR and what rights you have regarding your personal data. Understanding the law and what rules apply can be another thing entirely.
In order to better understand just what GDPR and personal data management at University Admissions is all about, we’ve provided some common questions and their answers.
What exactly is GDPR?
The General Data Protection Regulation (GDPR), which became law on May 25, 2018, is a law that protects the personal data of EU/EEA citizens. Even companies and organisations outside the EU/EEA have to follow these regulations if they collect or process personal data of individuals located inside the EU.
What is personal data?
According to GDPR, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer's IP address."
Who is responsible for managing my personal data?
University Admissions is part of the Swedish Council for Higher Education (UHR), a Swedish public authority. UHR is responsible for making sure your personal data is processed correctly.
If I apply for admission, what kind of personal data are we talking about?
When you apply for admission, you create an account using personal information. You also provide documentation of your previous studies, for example by uploading transcripts and diplomas. This data is stored in the admissions registry.
What is the admissions registry?
The admissions registry is an electronic admissions system used to process admissions applications. All admissions data is loaded into the admissions registry. Personnel at UHR and Swedish universities who process admissions applications can view your data in the registry. Sometimes this data is used for official statistics (such as how many students were eligible for admission) and even research. UHR manages the admissions registry.
What is the student registry, then? Is it the same as the admissions registry?
No, it isn’t. The universities maintain a student registry and are responsible for the data in it. This registry contains other types of student data, such as what courses and programmes they’ve applied for, information about studies they’ve completed, grades, degrees, etc.
Can my data be shared with others?
UHR shares data from the admissions registry with universities in order to process applications, and when they’ve been admitted. Your data can also be transferred to:
- the Swedish Board of Student Finance (CSN), if you applied for financial aid
- the Swedish Institute, if you applied for scholarships from them
- Statistics Sweden (SCB), for statistical purposes
- the Swedish Security Service (Säkerhetspolisen), in police matters.
Isn’t my data considered private?
In Sweden, the work of the government and municipalities must be transparent. According to the Swedish Principal of Public Access, personal data stored at a public authority is a public record. This means you can access most of your admissions documents, but also that others can request to see that information. UHR will do a confidentiality check before providing information.
It’s important not to include more information than is necessary when applying to university.
Can I see my personal data?
Yes, you can. Contact University Admissions to find out how to make your request.
What if I want to change my data?
You can do that too. Contact University Admissions and let them know what is incorrect. Note that you can change your basic personal information right here at Universityadmissions.se.
How long will you keep my personal data?
UHR deletes student personal data from the admissions registry 10 years after the date it arrived. Your citizenship information is deleted right after we’ve used it to determine if you should pay fees. We delete it because we don’t need the information for further processing of your admissions application.
Is there someone I can get in touch with if I have questions?
UHR has a Data Protection Officer. You can contact them at dataskyddsombud@uhr.se.
What if I’m not happy with the way my data has been managed?
You can contact The Swedish Authority for Privacy Protection to file a complaint.