What is GDPR?

The General Data Protection Regulation is a new piece of EU legislation that pertains to the collecting, storage, processing and loss of personal data. It sets a new boundaries on you as student committées or societies as you all process personal data in some way, shape or form, and probably done so outside GDPR compliance. You will need to take inventory of what data you have, what processes you have and what structure you currently use before you can move to a solution.

The solution will mostly be encompassed by switching your platform from private Google Drives or the like to Student Union managed ones or your own. You will also need to set up new guidelines and policies for how you collect, store and process data. The IT-officer will conduct continuous follow-ups to assist you in you work and make sure the new laws are respected.


  1. Take inventory of which applications you use today to store and process personal data, such as google drive, facebook, slack, instagram, gmail, websites etc.
  2. Take inventory of what kind of personal data you store where, take notes of this so you can come back to it later and know where everything is.
  3. Take inventory of how your processes work today, how do you collect, process and store data? Why do you process the data that you do?
  4. Evaluate these processes, what problems do they give you?
  5. Come up with new policies and strategies for collecting, storing and processing data.
  6. Come up with a system for removing data from your systems for when a user asks you to do so.

Handy links

General information about GDPR


List of applications from outside the EU you can use to store EU citizen data


Template for inventory of registers

Inventory of registers – example file