The Privacy Protection Authority (IMY) has decided a new supervisory policy and a plan for the inspections which will be carried out in the next biennium. A general objective is to investigate on complaints of individuals.
The IMY, the ex swedish data inspectorate, has now decided a new policy and a new supervision plan for which it will be carried out investigations, that to say audits, in the next two years.
In the next two years, the majority of supervisory questions of IMY will cover the General Data Protection Regulation and it will be based on complaints by individuals.
The General Data Protection Regulation, GDPR, reinforces people’s rights and increases the requirements of the companies, authorities and others that manage personal data.
It is fundamental that complainants of persons are managed and that you pay attention to serious deficiencies into the personal data processing.
IMY can also start the supervision on their own initiative in relation to a report of an accident with personal data, a tip, media information or due to other information. It may also be information in complainants that the authority thinks they will bring to a wide supervision compared to the simple coverage of the individual complainant.
Investigations may be initiated, for example, if a serious breach of a person’s right to privacy is found, whether the processing affects or may have consequences for many individuals and whether it involves new technologies or a new use of existing technology which may substantially affect the individual’s right to privacy.
Other occasions where IMY may open investigations are when the Authority becomes aware that there is a serious breach of good practice in the collection of claims or in the provision of information on the claim or illegal activity.