In order to perform its work and to provide its services, PRI needs to process personal data.
Personal data is predominantly processed for individuals who are or have been employed by a company that is a client of PRI. Processing the personal data of individuals involves a great deal of responsibility and trust. PRI protects the personal privacy of individuals, and client trust is crucial to PRI's operations. Thus, the secure processing of personal data is of fundamental importance to PRI.
To protect the rights and freedoms of individuals, the processing of personal data is also regulated by legislation, namely the General Data Protection Regulation (GDPR) and associated Swedish supplementary legislation. The data protection legislation entails, among other things, that personal data may only be collected for legitimate purposes that are not too general and that the amount of data must be limited to what is necessary for the purposes. The data must not be further processed in a way that is incompatible with those purposes and must not be kept longer than necessary. In addition, there are requirements that personal data must be protected against, for example, disclosure to unauthorised persons. Those who process personal data must be able to demonstrate that the requirements are met.