After the European Commission decided on a new regulation for data protection – the General Data Protection Regulation (GDPR), the Swedish government appointed a team to evaluate how Swedish laws and regulations should be adapted to GDPR. The results will be presented today, May 12th.
The GDPR means that all member countries will have to review their own laws and regulations, as there might exist conflicts between national laws and the GDPR. The purpose of the national investigation has been to determine what kind of laws and supplementary regulations will be required in Sweden. The aim is to ensure that there exists an alignment between internal regulations and the GDPR. Some specific issues that have been looked at in detail are consent for use of personal data of children, how national social security numbers are processed, and administrative sanctions.
We hope that the government’s evaluation can give more clarity as to how Swedish regulations will change, which in turn will help organisations prepare for GDPR, as GDPR will come into effect on May 25th 2018.
What is GDPR and what does it mean?
GDPR is related to data protection, privacy and the processing of personal data, and is a regulation that will affect the whole of EU/EEA. This means that it will replace the current Swedish personal data protection act.
GDPR is user-centric, i.e. it is designed completely with the user in mind. This means that the individual will have more power related to how their personal data can be used. Organisations will have to adapt their processes to the new regulation.
The purpose of GDPR is to minimize the differences in member states’ data protection and privacy law. Further, a common regulation for the whole of EU/EEA means that organisations that conduct business in several EU/EEA countries basically need to comply with one data protection law, with minor adaptions to the national laws of member states.
24 Solutions will help your organization become compliant with GDPR. We offer workshops and education opportunities for organisations and Data Protection Officers.