Chapter 6 of the Data Protection Act governs the enforcement powers of the Swedish Data Protection Authority.
Additionally, in order to issue fines, the Authority may also:
- issue warnings, if a planned personal-data processing will likely contravene the provisions of the GDPR;
- issue reprimands, if ongoing personal-data processing contravenes the provisions of the GDPR;
- order a company or other organization to, for example, review a certain instance of processing.
Public authorities may be fined as well. For less serious infringements, the fine shall be a maximum of 5 million SEK. Serious infringements may be fined up to 10 million SEK.