Since 1 January 2021, the Swedish Data Protection Authority, has a new name – the Swedish Authority for Privacy Protection (IMY). IMY is the supervisory authority for matters concerning the processing of personal data and that good practice is observed in relation to credit checks and debt collection activities. You can visit the website at www.imy.se, where you as an entrepreneur often find useful and tangible information, not least regarding GDPR.
In any event, we recommend that the information provided to those whose data is being processed is reviewed regularly, since personal data processing may change such that the information must be updated. It might be the case that you use new IT systems, update existing systems or change your own applications, or that you have changed your range of products or services. All this may well lead to less or more personal data being collected, being processed in a new way or in a different place than previously. Thus, the information must be adjusted, any Article 30 records should be adapted or new assessments of the legality of the processing must be carried out.
Personal data work is never entirely completed, it is continuous work where the correctness of the information one provides about the processing is one of the obligations you are always required to satisfy. Frequent review of the processing you are responsible for is thus appropriate and is a good start to a new year.
Do you have questions about the GDPR and privacy law?
Sara Malmgren, Senior Associate at Foyen Advokatfirma