GDPR - red flag or new digital future

Data Integrity

Digitization and digital development are the future and society must take advantage of technological developments as far as possible. The advancing technological development is also about protecting personal privacy.
- The whole backbone of the GDPR is that the rights of individuals have now been strengthened," says Lena Lindgren Schelin, Director General of the Swedish Data Protection Authority.

In spring 2016, the EU decided to adopt the General Data Protection Regulation (GDPR), which came into force in May this year. In Sweden, the GDPR replaces the Personal Data Act, PUL, which is repealed. The law is about strengthening the protection of personal privacy by giving the registered individual greater control over their personal data.

- "It's about modernizing the legislation, while I understand that the increasing requirements can be perceived as complicated and complex. I hope that the GDPR will not be seen as a wet blanket that covers the entire company's potential and willingness to develop its business," says Lena Lindgren Schelin.

She continues:
- Digitization and digital development is our future. It is here and now. We need to take advantage of technological developments as far as possible, while protecting and strengthening privacy. The rules needed to be more fit for purpose and better aligned with technological developments. When the old Personal Data Act came into force in the 1990s, we had just started using the internet," says Lena Lindgren Schelin.

Rapid technological developments and globalization have created new challenges for the protection of personal data, as the scale of their collection and sharing has increased significantly. At the same time, new demands are placed on those who handle personal data.

Do you see a risk that the GDPR will stifle innovation by making companies too cautious?

- I think the opposite. If a start-up company takes the new regulations into account and builds in privacy protection from the start, much is gained. Ultimately, it's about knowledge; anyone who starts a company or drives innovation must spend enough time to understand how to drive development and at the same time meet the requirements of the GDPR," says Lena Lindgren Schelin.

So the whole backbone of the GDPR is that the rights of the individual have been strengthened. You as an individual simply have the right to know how your personal data is processed, why and for how long. At the same time, the responsibility for how personal data is processed has been tightened and many companies and organizations are afraid of making mistakes when processing personal data.

What happens then?

- Our auditing mission does not mean that we will go in and turn your entire business upside down and scrutinize every little button you have pressed or paper you have. Instead, it is the business that has to show how it works with GDPR. If we see that the company or organization has done its utmost to consider various privacy aspects and can show this by having documented in a good way - then you have come a long way on your journey, says Lena Lindgren Schelin.

Lena Lindgren Schelin, Director General, Swedish Data Protection Authority and Johan Forsberg, Head of Press, IT&Telecom Industries