Data Protection Officer

Data Protection and Responsibility at KTH

KTH's data protection efforts are primarily governed by the GDPR, which protects individuals' rights to privacy and personal data. The regulation applies to all entities processing personal data, with supervision by the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

KTH is a data controller, meaning KTH management is responsible for ensuring compliance with the GDPR. The Security Department leads the work, and all employees have a shared responsibility for data protection in their daily tasks.

KTH's Data Protection Officer (DPO) is part of the Security and Safety Department and supports the organisation while overseeing GDPR compliance. The DPO is also the first point of contact for individuals wishing to exercise their data protection rights.

Personal Data Incidents and Reporting

A personal data incident occurs when personal data is improperly disclosed or altered, and such incidents should be reported to abuse@kth.se.

Definitions

• Personal Data: Information that can identify a living individual.

• Data Subject: An individual whose personal data is processed.

• Data Controller: KTH, responsible for all processing of personal data.

• Data Processor: External parties processing personal data on KTH's behalf.

• Sensitive Personal Data: Data related to health, political opinions, or union membership, requiring special protection and can only be processed if there is legal justification.

Legal Basis for Processing

Personal data can be processed if necessary to fulfill a task of public interest, to meet legal obligations, or if consent has been obtained.

Register of Processing Activities

KTH maintains a register of all ongoing personal data processing, providing an overview and ensuring GDPR compliance.

Data Protection Rights

For questions about data protection rights (such as data deletion or access requests), please contact dataskydd@kth.se.