New rules to prevent slow processing of certain complaints at the Swedish Authority for Privacy Protection

The Riksdag has voted in favour of the Government's proposal for new rules to prevent the failure to respond to or the slow processing of certain complaints at the Swedish Authority for Privacy Protection (IMY).

The EU General Data Protection Regulation (GDPR) and the Data Protection Directive state that there must be one or more authorities in each member state responsible for monitoring the application of the Regulation and the Directive. In Sweden, the IMY has been appointed to be the supervisory authority to carry out this task.

According to the GDPR, anyone who considers that the processing of personal data concerning him or her conflicts with the Regulation shall have the right to lodge a complaint to the supervisory authority.

New rules should prevent any failure to process a complaint or prevent it from being processed too slowly once a person has submitted the complaint regarding the processing of personal data to the IMY. 

According to the new rules, a person who has lodged a complaint shall have the right to request a reply from the IMY after three months. The IMY will then have two weeks to respond, and their answer should state whether or not the IMY will carry out supervision. It will be possible to appeal the IMY’s decision.