‘I look forward to further developing the data protection work at KTH’
On March 1, the Security Department will assume responsibility for data protection at KTH, taking over from the IT Department. As a result, the role of Data Protection Officer will be transferred to the Security Department. Gustav Malis, who previously worked as a consultant in the department, will become KTH’s new Data Protection Officer.
"My task is to further develop the data protection work within the organisation and offer support in these matters," Malis says.
The Data Protection Officer has several key responsibilities. These include advising and supporting all parts of the organisation that handle personal data, such as system procurements and research projects involving personal data. The role also includes auditing to ensure compliance with data protection legislation at KTH and reporting any risks to university management.
"I am also the first point of contact for citizens who have questions about KTH's personal data processing," Malis adds.
What Challenges Lie Ahead?
"There is a foundation in the data protection work that has been done previously at KTH, but we must continue to develop it as legislation and practice change," Malis says, continuing,
"The systematic data protection work needs to be reviewed for KTH to meet legal requirements. This includes clarifying processes and documentation, and working more closely with the organisation to ensure everyone is involved in these issues."
He emphasises that data protection must be a concern for the entire organisation.
"All employees need to be aware of these issues in their everyday work, where applicable," Malis says.
In the autumn of 2024, a review of KTH’s data protection efforts was conducted, and based on that study, recommendations have been made for future work.
"We have gained a good overview of where we stand. Now we must ensure that we move forward. To do this, we need to work in a risk-based way and focus on the areas where the risks are greatest. That's where we will put our resources," Malis says.
The Security Department will lead the efforts.
How Can Employees Get Support on Data Protection Issues?
"You can always turn to me for guidance on data protection issues. It is also possible to discuss matters with colleagues or your manager. Often, issues can be resolved together," Malis says.
He stresses that the transfer of data protection responsibilities to the Security Department will not affect the daily operations of the organisation.
"Those who have ongoing data protection cases will receive feedback on their cases," Malis says.
Text: Marianne Norén