Search results

Our website is divided according to whether you are looking for information as an individual or as a representative of an organisation. Select one of the entries in the menu and you will see the information that applies to you.

Companies often have operations in several countries and personal data does not always stay in one country. An instance of personal data processing that has a connection to more than one member state of the EU is called cross-border processing.

Swedish Authority for Privacy Protection (IMY) supervises law enforcement authorities.

The primary purpose of the Credit Information Act is to protect data subjects' personal privacy but the law is also to contribute to efficient provision of credit information.

On this page you will find answers to the most frequently asked questions that IMY receives about payment default records.

Information security first and foremost involves preventing information from being leaked, distorted and destroyed. It also involves ensuring that information is to be available to the right people and at the right time. Information is not to be able to fall into the wrong hands and be misused. The data subjects are to know who is using their personal data and why.

Below follows a description of what you should bear in mind when you process personal data in e-mail. The description is intended only as a guide and is not exhaustive. It is every organisation's resp

Codes of conduct are meant to help ensure proper application of the General Data Protection Regulation's provisions by specifying how personal data may be processed in specific cases.

Data protection by design and data protection by default is a requirement for all data controllers, and applies to companies of all sizes. The term privacy by design and by default is also used when talking about data protection by design and by default.

Transfer of personal data to a third country occurs when personal data is sent or made available to a recipient outside the EU/EEA.