On the same day the GDPR was published in the Official Journal of the European Union, the Swedish data protection authority (the "Datainspektionen") published a checklist ("Checklist") to help organisations work towards compliance with the GDPR. At the same time the Datainspektionen also issued some frequently asked questions ("FAQs") which focus on data processors, DPOs and breach notification.
The Datainspektionen has a reputation for being a pragmatic data protection authority, and the release of these documents demonstrates this again: they aim to clarify any conflict between national laws and regulations and the GDPR.
Key issues that the documents highlight include:
- The removal of the exception for personal data processed in an unstructured form;
- The introduction of a mandatory DPO; and
- The provisions around breach notification.
The introduction of a more stringent regime under the GDPR is likely to cause friction in Sweden, where the Datainspektionen has historically taken a more light-handed approach. The Checklist and the FAQs should hopefully provide organisations in Sweden with guidance on how they can prepare for this change.
A press release from the Datainspektionen about the Checklist and FAQs is available here (Swedish).
The Checklist is available here (Swedish).
The FAQs are available here (Swedish).