
GDPR Compliance Investigation in Finland and Sweden

After the GDPR came into force on the 25th of May, the Finnish Data Protection Authority’s office was flooded with complaints about possible infringements.

This may result in sanctions worth millions of euros (read more about the fines for not complying with GDPR). Therefore, the Finnish Data Protection Authority starts a GDPR compliance investigation for every notification received about a possible infringement.

According to the public data, there are already 1300 data protection, 300 cross-border as well as 300 national infringement-related complaints. Therefore, the Finnish Data Protection Authority will visit hot-spots of infringements, where the search will be conducted in 1-2 days each.

Sanctions Worth Millions – Only One of the Options

After the Finnish national law on personal data protection comes into force, the supervisory power of the data protection authority increases significantly. Therefore, a GDPR infringement can lead to sanctions of up to 10 million euros or alternatively up to 2% of the worldwide revenue. However, it is possible that the sanction is merely a warning, or that no consequences will follow.

According to the Finnish Data Protection Authority, every alleged infringement will be evaluated individually. A monetary sanction is only one of the options, though. For instance, companies might face restrictions or be required to make changes within the company. Therefore, the use of monetary sanctions will happen in accordance with European practice.

Sweden Started Investigation Already in June

The national law on data protection is already in force in Sweden. As a result, an investigation into how companies comply with the new GDPR could start back in June. An investigation report is available, and probable sanctions will be ready by the end of 2018.

A list of 66 companies under investigation was previously released by the Swedish Data Protection Authority to the Di Digital magazine. The list contains:

  • 13 trade unions;
  • 5 telecommunication service providers;
  • 5 insurance companies;
  • 3 public transport service providers;
  • 3 banks;
  • 2 health service providers; and
  • 35 different public authorities.

In total, 362 objects from both the public and private sectors were investigated. On the 31st of October, the Swedish Data Protection Authority published an overview of the complete investigation. It revealed that approximately 16 % of the investigated companies lack GDPR compliance. As a result, out of 66 listed cases, 57 reprimands and 2 injunctions were given. The rest (7 companies) didn’t face any consequences.

Investigated companies include the operators Tele2 and Telia, the money exchange service Forex Bank, Resurs Bank and others.
