Search results

What is meant by privacy? What is personal data? We will try to explain these terms.

All organisations must comply with the applicable data protection legislation when processing personal data, regardless if you are a public authority, a small company or an association.

An organisation that processes personal data is in certain cases required to designate a data protection officer. The role of the data protection officer is to check that the General Data Protection Regulation is complied with within the organisation by means of, for example, conducting checks and providing information. On these pages you can find out more abut data protection officers.

If you are to have a data protection officer in you organisation, you must send the data protection officer's contact details to Swedish Authority for Privacy Protection.

The Swedish Authority for Privacy Protection is responsible for the processing of personal data for which the authority determines the purpose and means. The authority processes for example personal data in the handling of the authority's business, in the handling of questions and in the administration of courses and subscriptions.

Umeå University has processed special categories of personal data concerning sexual life and health through, amongst other, storage in a cloud service, without sufficiently protecting the data. Swedish Authority for Privacy Protection is therefore issuing a fine of SEK 550,000 against the university.

Swedish Authority for Privacy Protection imposes an administrative fine of 200 000 Swedish kronor (approximately 18 700 euro) on the National Government Service Centre for failing to notify affected parties as well as the Data Protection Authority about a personal data breach in due time

All processing of personal data must have lawful grounds under the regulation.

All businesses that handle personal data must comply with the General Data Protection Regulation (GDPR). This means, among other things, that you need to follow the fundamental principles, ensure that the processing has a lawful ground and inform the data subjects about how you handle their personal data.