Search results

Swedish Authority for Privacy Protection imposes a fine of 75 million Swedish kronor (approximately 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled its obligations in respect of the right to request delisting

Swedish Authority for Privacy Protection’s investigation shows that the Healthcare Committee in Region Örebro County made a mistake when publishing on the region’s website sensitive personal data about a patient admitted to a forensic psychiatric clinic.

We translate some of our news into English. Please visit the news page in Swedish for all our news.

The Swedish Authority for Privacy Protection often receives questions and reports concerning areas outside the scope of our operations. Here is a summary of the most common areas with details of the appropriate authority to contact.

Anyone who processes personal data is either a data controller or a data processor. A data controller is any person or entity that determines the purposes and means of the processing. A data processor is any person or entity that processes personal data on behalf of a data controller.

In addition to the regulations concerning secrecy and duty of confidentiality in health and medical care that follow from the Public Access to Information and Secrecy Act (2009:400) and the Patient Sa

The primary purpose of the Credit Information Act is to protect data subjects' personal privacy but the law is also to contribute to efficient provision of credit information.

A licence from the Swedish Authority for Privacy Protection is normally required to operate credit reference activities. We decide on licences to operate credit reference activities only if the activities can be assumed to be carried on in a knowledgeable and judicious manner. Our evaluation is based on the type and scope of the planned activities.