SWEDEN Trends and Developments Contributed by: Niclas Rockborn, Astrid Svensson and August Hansson, Gernandt & Danielsson
Gernandt & Danielsson Gernandt & Danielsson Hamngatan 2, Box 5747 SE-114 87 Stockholm Sweden
Tel: +46 8 670 66 00 Email: info@gda.se Web: www.gda.se
Data Protection in Sweden: An Overview General trends In recent years, Sweden’s approach to data pro - tection has significantly evolved. Rapid techno - logical advancements, increased digitalisation across industries, and a growing awareness of the individual’s right to privacy are the main driv - ers of this development. As a member of the European Union (EU), the Swedish data protec - tion regime mainly consists of the General Data Protection Regulation (GDPR) and national laws supplementing the GDPR. This update highlights three of the most promi - nent trends in Sweden. The first trend concerns the increased focus on cybersecurity from a data protection perspective and a brief description of the related new cybersecurity legislation, with a general focus on the financial sector. The second trend highlights technological advancements and the interplay between AI and data protec - tion, with examples of ongoing initiatives in Swe - den. Thirdly, Swedish developments concerning the processing of personal data relating to crimi - nal convictions and offences are presented.
Digital Resilience from a Data Protection Perspective Digital resilience Sweden is currently placing greater emphasis on cybersecurity measures for several reasons. In addition to being affected by the recent develop - ments in EU data and cyber regulations, which have already come into force and are expected to be implemented in 2025 and 2026, the height - ened focus on cybersecurity is also a response to changes in the Swedish security landscape. The ongoing war in Ukraine, Sweden joining NATO, organised crime, violent extremism and Sweden’s threat level regarding terrorism, which has been considered to be four out of five since August 2023 (level four entails a high terrorist threat), have led organisations to prioritise and invest in cybersecurity frameworks to safeguard data. In February 2025, the Swedish Authority for Privacy Protection (IMY) ( Integritetsskyddsmyn - digheten ) released its annual report, outlining the authority’s supervision and other activi - ties throughout 2024. IMY’s three major case types – personal data breaches, inquiries, and complaints – all saw an increase during 2024 compared to the previous year. During 2024 IMY received 6,500 reports of personal data breach - es and initiated 421 supervisory cases.
408 CHAMBERS.COM
Powered by FlippingBook