Questions & Answers

What are the most important differences for me as an individual when the new regulation takes effect?

Your rights will be strengthened. Among other things there are higher demands on companies and organisations to inform you about their processing of personal data. You can also in some situations say no to the processing of your personal data. For you as a student, guardian or employee within IES this means that you can say no to the use of your personal data where we do not have a purpose and a legal basis for the use.

Can I request to be completely "forgotten" by IES?

You always have the right to request that we remove any personal data we have about you as an individual. However, there is personal data we must process while you are a student, guardian or an employee within IES. We need this data to offer the education you have chosen or to fulfill our role as an employer.

No personal data is stored longer than necessary. Some information must be kept to fulfill legal requirements and agreements even after you have left, examples of this are grades, contracts of employment and financial documentation.

When is consent required from a student, guardian or employee before IES can use the personal data?

On a school there are situations that require consent, a common one when consent is required is usage of pictures or videos on social media or websites.

Social media or usage of certain learning resources can also require consent in certain situations. What is important for you as an individual is to know that consent is always optional and you can withdraw consent at any time.

If a student or an employee is interviewed by media, is the regulation still applicable?

No, the regulation allow members within the EU to be exempt from the rules of personal data processing if it is necessary to maintain the right to the freedom of expression. Media with a publishing certificate is thereby not covered by the regulation.

If the interviews take place on the initiative of IES consent is required, if the student is younger than 16 years the consent has to be given by the guardian.

How is information about students’ or employees’ allergies handled?

We handle information about allergies and it is only shared on a need to know basis. Allergies are medical information which is sensitive personal data and we store and protect it accordingly.

When is a child old enough to make their own decisions about their personal data?

A child can give consent if they understand what it implicates. The child’s age is taken into consideration as well as which type of personal data the consent is for and the purpose for using the personal data.

The general guidelines from Datainspektionen is that children can give consent in most cases from the age of 15.

What personal data is considered sensitive?

We follow the categories listed in the regulation with the addition of the Swedish social security number (personnummer).

Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data, biometric data
Health or data concerning a natural person’s sex life or sexual orientation

Does IES release personal data to authorities?

Yes. For example, we provide information about grades to SCB (Statistics Sweden), tax information to the Swedish Tax Agency. We also hand out information to the Swedish Schools Inspectorate when necessary.

How does GDPR affect protected identity?

Protected identity is covered by another legal area, we do not process more personal data than required and the handling is with appropriate security in place.