Since 25 May 2018, the General Data Protection Regulation (GDPR) has been applicable. This regulation is a new EU Regulation which replaces the Personal Data Act (PDA) in Sweden.

This new regulation is in place to strengthen protection for private persons with respect to processing of personal data. All processing of personal data must fulfil the basic requirements stated in the General Data Protection Regulation.

Among other things, the requirements mean that personal data may only be collected for legitimate purposes which are not overly general and that the amount of data is to be limited to that which is necessary for the purpose. The data may not subsequently be processed in a manner which is inconsistent with these purposes, nor can the data be stored longer than is necessary. The party processing personal data must be able to prove compliance with the requirements.

You can read about how PRI processes personal data here. Our information regarding personal data processing is updated regularly.

Personal data at PRI for private persons

Personal data at PRI for employers