No data breach notification needed
If the data breach is unlikely to result in a risk to the rights and freedoms of natural persons, you do not have to send a report to us.
However, according to the General Data Protection Regulation (GDPR), you still need to document the breach internally. The Swedish Authority for Privacy Protection (IMY) may demand to take part of the documentation.
More information about the documentation requirements can be found in the guidelines about personal data breaches from the European Data Protection Board (EDPB).
Latest update: 20 March 2025
Page labels
Data protection