The new Swedish Data Protection Act (DPA) (Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning) was passed on 18 May 2018 and entered into force on 25 May 2018. The Swedish DPA includes complementary provisions to the GDPR.
- Available in Swedish at: http://rkrattsbaser.gov.se/sfst?bet=2018:218
Various sectoral laws govern the use of personal data, including the:
- Camera Surveillance Act (Kamerabevakningslag (2018:1200)) including rules on processing of personal data relating to closed-circuit television (CCTV) monitoring: The new rules entered into force on 1 August 2018.
- Credit Information Act (Kreditupplysningslagen (1973:1173))protecting data subjects’ personal privacy and the provision of credit information.
- The Debt Recovery Act (Inkassolagen (1974:182)) contains provisions applying to persons and entities who recover debts.
- The Fundamental Law on Freedom of Expression (Yttrandefrihetsgrundlag (1991:1469)) provides national rules regarding freedom of expression and freedom of information.
- The Marketing Act (Marknadsföringslag (2008:486)) (unofficial English translation: https://www.government.se/4abc0a/contentassets/747603b3d1a04351b1773524c7de3c84/2008486-marketing-act) regulates the use of personal data and advertising and marketing activities.
- The Patient Data Act (Patientdatalag (2008:355)) governs processing of personal data in health care.
Guidelines and templates of the Swedish Data Protection Agency (Datainspektionen) are available on the official website (in Swedish): https://www.datainspektionen.se/