File a GDPR-complaint
Before contacting the Swedish Authority for Privacy Protection, always try to resolve the problem yourself.
Start by contacting the organisation that you think violates the GDPR and explain why you are dissatisfied with their processing of your personal data. The organisation should then investigate the issue and hopefully correct the errors in a satisfactory manner.
The rights of the individual according to the GDPR
If your complaint concerns your individual rights, such as the right to access, erasure or rectification, it is particularly important that you contact the controller first, that is the organisation that you think violates the rules.
Explain to the controller which individual right according to the GDPR your request concerns. You can contact the data protection officer if the controller has appointed one.
In case you do not receive any assistance from the controller, you can file a complaint to us. Tell us what you are complaining about, enclose the correspondence you have had with the controller and relevant documentation if needed.
Your complaint must contain the following information
In order for us to proceed with your complaint
- it must relate to a violation of processing of personal data
- you must be affected by the processing, or file the complaint on behalf of another data subject
- the data controller must be identifiable
- you must provide information about who you are, for example your name
- you must provide contact details so that we can reach you, such as email, postal address or telephone number.
Complaints that are not completely filled out will be handled as tips. This applies, for example, if you do not name a data controller, if the complaint concerns someone else’s personal data or if you choose to remain anonymous. See the information on tips below.
If an authority has denied you a right to, for example, erasure, access or rectification, you can appeal that decision to the administrative court. Contact the authority again and request a written and appealable decision. The authority’s data protection officer can inform you about how to get an appealable decision and how to appeal.
Everything you submit to us becomes a public document. If someone requests the document, we conduct a confidentiality assessment to determine whether the information is to be classified as confidential or not. We then decide if the information can be disclosed in whole or in part. Public documents must, as a main rule, be archived in its entirety.
How we handle your complaint
The Swedish Authority for Privacy Protection will review each complaint we receive.
A complaint may, for example, lead to us sending a letter to the controller with information about rules and practices. If we consider it appropriate, we can initiate an inspection to investigate the subject matter of a complaint.
You will always receive a reply from us so that you know what actions we have taken. If we carry out an inspection, you will receive a copy of our decision.
Complaints that are not completely filled out will be handled as tips. Please see the information on tips below.
Submit a tip
It is also possible to submit a tip to us if you want to provide us with information about a violation of the GDPR or draw our attention to a certain data protection issue.
Tips that are submitted to us may be used as a basis when we decide on future actions.
You can submit your tip by e-mail or by post. Indicate clearly that it is a tip and what you would like to inform us about.
About the information on this page
If the information in English is different from the Swedish version of this page, the Swedish version applies.