The General Data Protection Regulation (GDPR) is EU’s new data protection regulation, which will come into force on May 25, 2018. The purpose of the Act is to strengthen the personal integrity in the processing of personal data. The Act affects all companies, organizations and industries handling personal data and will, among other things, require new routines to guarantee safe data management. Negligence can cause serious penalties and lead to extensive fines.
In Sweden, this Data Protection Regulation will replace the Swedish Personal Data Legislation (PUL). In practice, the data protection regulations can be seen as an updated version of PUL. The biggest changes consist of increased obligations and responsibilities for companies that store information.
For instance, if you have a customer register or personnel records including information about e.g. names, social security number, email addresses, etc., the registered person has the right to remove the information provided. Organizations which process data involving mapping of personal behaviour, must appoint a Data Protection Officer whose task is to monitor questions regarding data protection.