The Data Inspectorate of Sweden has begun its first reviews under the GDPR (General Data Protection Regulation) to ascertain whether authorities and companies that are obliged to appoint a DPO (data protection officer) have done so. Those being examined operate in the private healthcare, insurance and financial sectors.
Jonas Agnvall, a lawyer at the Data Inspectorate who is heading the audit, said: “The Data Protection Officer fulfils an important function. Among other things, they will check that the organization complies with regulations and internal control documents as well as inform and advise on GDPR within its own organization.”
Under the GDPR, the appointment of a DPO is mandatory if the organisation is a public authority or body, when the organisation’s main activities involve the systematic monitoring of data subjects on a large scale, or when the organisation conducts large-scale processing of special categories of data (i.e. sensitive data such as health, religion, race, sexual orientation, etc.) and personal data relating to criminal convictions and offences.
The Data Inspectorate’s review is expected to be completed by the end of August.
Our training courses
If you’re looking to gain the expertise to fulfil the DPO role, you should consider enrolling on our Certified EU General Data Protection Regulation Practitioner (GDPR) Training Course.
This course helps you gain a practical understanding of the tools and methods for implementing and managing an effective compliance framework. It focuses on how the data protection principles work in practice, the policies and procedures necessary, and practical guidance on how to implement an effective privacy and information security compliance programme.