Skip to main content

Data protection at SDU

Data protection at SDU

Protection of personal data

Every day, SDU processes information about a large number of students, employees, test subjects, patients et al. Therefore, the university complies with the legislation about general data protection to ensure that personal data are not misused and that affected individuals know who are treating their information and why.

Data protection officer

SDU employs a data protection officer (DPO) who advises employees and students about legislation and rules for data protection. You can contact SDU’s data protection officer, Simon Kamber, at, if you have any questions concerning SDU’s handling of your personal information. 

Privacy policy

SDU processes and registers information about individuals who come into contact with the university as for instance employees, students, participants in research projects or conferences – or just as subscribers to SDU publications.

Applied section

According to the general data protection regulation (GDPR) and the Danish data protection law, SDU, as data controller, must inform registered individuals about their rights concerning the processing of their personal information.

SDU registers personal data in accordance with the general data protection regulation, specifically paragraphs 6, 9 and 10. Personal data used in research projects are registered under the authority of the Danish data protection law § 10.

Processing and retention

SDU’s data processing is designed to be private and confidential. Personal data are processed and retained within the university’s administrative systems. When the information is no longer needed for its original purpose, it will either be deleted or stored within SDU’s recordkeeping systems.

Disclosure of personal information

Personal data will not be disclosed without the registered individual being explicitly informed, unless the university is required to disclose the information to other public authorities.

Right of access

Generally, registered individuals can at any time contact SDU ( to gain a copy of their personal information retained in SDU systems. Exempt from this are personal data included in research projects and stored by SDU.

Rectification of information

If the registered individual considers the registered information to be incorrect, he or she can contact the university for rectification of the information. This means that the university either rectifies the information or takes note that the information is incorrect and instead registers the correct information.

The registered individual is entitled to having the data controller disregard the information until it has been settled, which information is correct. Registered individuals also have the right to the university not utilizing the information if it is no longer needed. 


Registered individuals have the right to object to the processing of their personal information unless the university is processing the information as part of a research project.


If SDU has obtained consent to process the data from the registered individual, said individual can at any time withdraw their consent. Consequently, the university is not entitled to continue the processing of data after the consent has been withdrawn.

Filing a complaint with the Danish Data Protection Agency

Registered individuals can file a complaint concerning the processing of their data with the Danish Data Protection Agency


For employees

If you need to know more about how you as a lecturer, researcher or administrative staff must process personal data, please see SDU’s universe with user-oriented information about data protection and information security here.

Last Updated 03.12.2021