Sanctions and penalties under Swedish data protection law

Chapter 6 of the Data Protection Act governs the enforcement powers of the Swedish Data Protection Authority.

Additionally, in order to issue fines, the Authority may also:

  • issue warnings, if a planned personal-data processing will likely contravene the provisions of the GDPR;
  • issue reprimands, if ongoing personal-data processing contravenes the provisions of the GDPR;
  • order a company or other organization to, for example, review a certain instance of processing.

Public authorities

Public authorities may be fined as well. For less serious infringements, the fine shall be a maximum of 5 million SEK. Serious infringements may be fined up to 10 million SEK.