Under the EU's General Data Protection Regulation (EU/2016/679), each member state must designate an agency to be responsible for supervising the application of the regulation. This supervisory authority is to be fully independent in the performance of its duties and exercise of its authority. A corresponding authority is also to be designated in accordance with the EU's directive concerning data protection for law enforcement agencies (EU/2016/680).
The Swedish government has designated Swedish Authority for Privacy Protection to be the supervisory authority under the General Data Protection Regulation and the data protection directive. Swedish Authority for Privacy Protection is also the supervisory authority under the Swedish law that is to supplement the General Data Protection Regulation, the Data Protection Act (2018:218).
Swedish Authority for Privacy Protection is also Sweden's national supervisory authority regarding processing of personal data under the Schengen Convention, that is to say the convention on the EU's customs information systems, the decision of the Council on the establishment of the EU agency for law enforcement cooperation (Europol), the VIS Regulation, and the Eurodac Regulation.
Swedish Authority for Privacy Protection's tasks as a supervisory authority are stated in the Ordinance (2007:975) on Instructions for Swedish Authority for Privacy Protection.
According to these instructions, Swedish Authority for Privacy Protection is to "work to ensure that people's fundamental rights and freedoms are protected in connection with processing of personal data, to facilitate the free movement of such data within the European Union and to work to ensure that good practice is observed in credit rating and debt recovery activities".
Swedish Authority for Privacy Protection is also to monitor and describe developments In IT regarding issues concerning privacy and technology.
How we work
Swedish Authority for Privacy Protection gives advice and checks that the legislation is complied with.
Swedish Authority for Privacy Protection checks that laws and regulations are complied with. The checks that we make primarily concern the General Data Protection Regulation, the Camera Surveillance Act, the Credit Information Act, the Patient Data Act, and the Debt Recovery Act but we are also the supervisory authority for a large number of other statutes on registers.
Giving advice and disseminating knowledge is an important part of our work. We do this for both people who process personal data in society, the data controllers, and people whose data is processed – the data subjects. We explain what they have to do to comply with the law and what rights the individual has. We do this through:
- Information on the website. Here you will find all information about the various laws and regulations for which we are the supervisory authority. We present facts and produce FAQs, checklists, guidance, and reports, among much else.
- Press releases.
- Courses and talks.
- And by answering questions from the general public via our information service.
Complaints, enquiries and tips
If you have complaints, enquiries or tips regarding the application of the laws for which we exercise supervision, you can turn to us. Before doing so, we recommend that you first try to find the answer on our website. We have very useful information and the website is our main information channel.
Talk to your data protection officer
You can also contact your data protection officer if your organisation has one.
Checks are made mainly by means of inspection. Inspection means that Swedish Authority for Privacy Protection checks that laws and regulations are complied with through its own observations of companies, authorities and organisations. We do this either through visits or by letter, phone or e-mail.
Complaints and tips
Inspection is thus planned in most cases but we can also make an inspection following complaints or tip-offs from individuals or reports in the media.
Data protection officers
Many workplaces have a data protection officer. When we are to conduct a field inspection, we normally inform the data protection officer so that he/she can participate. The data protection officer is present at almost all inspections.
We draw up our own statutes with general regulations and publish general guidelines with recommendations on various issues. When new laws and regulations are drafted, we check that personal privacy is protected effectively; every year we submit our opinion in a large number of consultative statements. We also review drafts of statutes, requests for comment from the council on legislation and government bills, and sit on expert commissions and committees.
Swedish Authority for Privacy Protection issues permits for companies to carry on debt recovery and credit rating activities. Here on our website you can apply for and find all the relevant permits.
About the information on this page
If the information in English is different from the Swedish version of this page, the Swedish version applies.