Since 1 January 2021, the Swedish Data Protection Authority, has a new name - the Swedish Authority for Privacy Protection (IMY). IMY is the supervisory authority for matters concerning the processing of personal data and that good practice is observed in relation to credit checks and debt collection activities. You can visit the website at www.imy.se, where you as an entrepreneur often find useful and tangible information, not least regarding GDPR.
Note that a reference to the Swedish Data Protection Authority must, as a rule, be stated in the information that all controllers of personal data must provide to those whose data is being processed (often referred to as a Privacy Policy or Personal Data Policy). Thus, it is advisable to look through any policy and make the necessary adjustments.
In any event, we recommend that the information provided to those whose data is being processed is reviewed regularly, since personal data processing may change such that the information must be updated. It might be the case that you use new IT systems, update existing systems or change your own applications, or that you have changed your range of products or services. All this may well lead to less or more personal data being collected, being processed in a new way or in a different place than previously. Thus, the information must be adjusted, any Article 30 records should be adapted or new assessments of the legality of the processing must be carried out.
Personal data work is never entirely completed, it is continuous work where the correctness of the information one provides about the processing is one of the obligations you are always required to satisfy. Frequent review of the processing you are responsible for is thus appropriate and is a good start to a new year.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
