Handling personal data

The General Data Protection Regulation (GDPR) sets stringent requirements governing the way we process personal data in our operations for example in your master's thesis work. The responsibility for and structure of all forms of personal data processing operations must be clarified and the data must be easy for the data subject to access and understand. 

Guidelines regarding processing of personal data in student projects (PDF)​
Consent form student thesis​


Before I start collecting or using personal data* in my thesis, I have:
  • Clarified my actual needs for collecting personal data
  • Documented the purposes for my use of personal data processing 
  • Reconciled need for personal data and purpose with my supervisor 
  • If internship: clarified the responsibility for any personal data processing with the internship company and supervisor
  • Studied the basic principles of personal data processing
  • Secured that I won’t process any sensitive personal data
  • Secured storage of personal data in storage services approved by Chalmers
  • Taken measures to keep the personal data safe from others (eg password protection to computer, determined around storage in Chalmers storage services)
  • When transferring personal data outside the EU/EEA: Contacted Chalmers' data protection officer and discussed what protection measures are required before the transfer (dataskydd@chalmers.se) 
  • Adjusted and adapted consent form with information about processing of personal data in my project/thesis
  • Obtained consent through the use of the adjusted consent form from all persons covered by the student work.
* Examples of personal data: Name, address, e-mail address, picture, video, social security number, ID number, IP address, location information, user behavior (eg in traffic situations), opinions in survey responses, health data, nationality. The important question to ask is: Can the information be linked to a specific individual?​

Page manager Published: Mon 28 Feb 2022.