Search results

What is meant by privacy? What is personal data? We will try to explain these terms.

All organisations must comply with the applicable data protection legislation when processing personal data, regardless if you are a public authority, a small company or an association.

An organisation that processes personal data is in certain cases required to designate a data protection officer. The role of the data protection officer is to check that the General Data Protection Regulation is complied with within the organisation by means of, for example, conducting checks and providing information. On this page you can find out more about data protection officers.

A survey by the Swedish Authority for Privacy Protection (IMY) notes that less than half of responding data protection officers assess that their own organisation works continually and systematically with data protection.

The Swedish Authority for Privacy Protection is responsible for the processing of personal data for which the authority determines the purpose and means. The authority processes for example personal data in the handling of the authority's business, in the handling of questions and in the administration of courses and subscriptions.

If you are to have a data protection officer in you organisation, you must send the data protection officer's contact details to Swedish Authority for Privacy Protection.

Umeå University has processed special categories of personal data concerning sexual life and health through, amongst other, storage in a cloud service, without sufficiently protecting the data. Swedish Authority for Privacy Protection is therefore issuing a fine of SEK 550,000 against the university.

All businesses that handle personal data must comply with the General Data Protection Regulation (GDPR). This means, among other things, that you need to follow the fundamental principles, ensure that the processing has a lawful ground and inform the data subjects about how you handle their personal data.