Published 2018-04-10

This post is also available in Swedish

New data protection regulation

On 25 May, the new EU General Data Protection Regulation (GDPR) enters into force. Mistra has begun work on adapting to the new directives. More information on the practical implications for everyone involved in Mistra programmes will be sent shortly.

The new law is outlined in brief below.

The General Data Protection Regulation (GDPR) will enter into legal force in all EU member states on 25 May 2018. It will involve extensive changes for those who process personal data, and strengthened rights of the individual in terms of personal privacy.

The GDPR will replace the Personal Data Act (PuL) in Sweden, but will also be supplemented by national rules. In addition to the obligation to report any handling of personal data to the Swedish Data Protection Authority, all requirements that previously existed in PuL remain in the new Regulation. The big difference is that the GDPR imposes considerably more stringent requirements for handling personal data. It is stipulated, for example, that managers must incorporate from the start a high level of privacy protection in their systems and the processes used.

Individuals who are registered will have their rights enhanced and be able to claim damages if these rights are not met. Moreover, a key addition in the new data protection regulation is its explicit statement that those who handle personal data must be responsible for, and able to demonstrate, compliance with the provisions of the GDPR (they are accountable).

Text: Malin Lindgren