As probably has come to your notice, a new EU regulation covering processing of personal data, the General Data Protection Regulation (“GDPR”), will take effect on 25 May 2018. Although the GDPR will be directly applicable in all EU member states, national laws need to be amended in order to implement additional requirements where the GDPR provides for specifications or restrictions of its rules by national law.
On 12 May, a Government Official Report (Sw: SOU), covering the proposal of a new national data protection legislation in Sweden, was published. The new legislation, called dataskyddslagen, shall replace the existing data protection act (Sw: personuppgiftslagen) and is proposed to enter into force on the same day as the GDPR.
According to the report, the aim has been to permit processing of personal data to the same extent as is permitted under existing national law, and thus not to implement more stringent or more generous provisions for the processing personal data, unless explicitly required by the GDPR.
The report will now be referred for consideration. For our Finnish neighbours, a corresponding report with proposal of amendments in Finnish data protection law is expected by end of May.
We will get back in short with an analysis.
Associate at Hannes Snellman