Search results

No, you do not need to notify all personal data breaches to IMY. If the breach is unlikely to result in a risk to the rights and freedoms of natural persons, it does not need to be reported to us. Eve

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Yes, it does not matter where the data subject is located in your assessment of whether or not you need to notify the breach to a data protection authority. If you are established in the EU/EEA, the G

The Swedish Data Protection Authority (IMY) criticizes the Hospital Board in Region Uppsala, for not having taken sufficient security measures in connection with the processing of personal data about, among other things, health, in e-mail.

The Swedish Privacy Protection Authority (IMY) has done a supervision of a personal data incident at the Equality Ombudsman (DO). IMY concludes that the DO did not take sufficiently effective security measures and issues an administrative fine of SEK 100,000.

The Swedish Authority for Privacy Protection (IMY) has finalized its investigation of an incident where recorded phone calls to the medical consultation service, 1177, were available unprotected on the Internet.

IMY issues an administrative fine of in total SEK 1.9 million against Region Uppsala after finding that the region has not taken appropriate security measures in its handling of sensitive personal data.

Swedish Authority for Privacy Protection imposes an administrative fine of 200 000 Swedish kronor (approximately 18 700 euro) on the National Government Service Centre for failing to notify affected parties as well as the Data Protection Authority about a personal data breach in due time