joao-silas-74207-unsplash

GDPR Compliance Investigation in Finland and Sweden

After GDPR regulation coming into force on the 25th of May, the Finnish Data Protection Authority’s office was flooded with complaints about possible infringements.

This may result in sanctions worth millions in euros (read more about the fines for not complying with GDPR). Therefore, the Finnish Data Protection Authority starts a GDPR Compliance investigation of every notification received about possible infringement.

According to the public data, there are already 1300 data protection, 300 cross-border as well as 300 national infringement related complaints. Therefore, the Finish Data Protection Authority will visit hot-spots of infringements, where the search will be conducted in 1-2 days each.

Sanctions That Worth Millions – only one of the options

After the Finnish National Law regarding personal data protection coming into force, the supervisory power of the data protection authority enhances significantly. Therefore, GDPR infringement can lead to sanctions of up to 10 million euros or alternatively up to 2% of the worldwide revenue. However, it is possible that the sanction is merely a warning, or no consequences will follow.

According to the Finnish Data Protection Authority, every alleged infringement will be evaluated individually. Though, the sanction is only one of the options.  For instance, companies might face restrictions or changes to make within the company. Therefore, the use of monetary sanctions will happen in accordance with European practice.

Sweden Started Investigation Already in June

The National Law regarding data protection is already in force in Sweden. As a result, it allowed starting an investigation on how companies comply with the new GDPR already back in June. An investigation report. is available and probable sanctions will be ready by the end of 2018.

A list of 66 companies under investigation was previously released by the Swedish Data Protection Authority to the Di Digital magazine. The list contains:

  • 13 trade unions;
  • 5 telecommunication service providers;
  • 5 insurance companies;
  • 3 public transport service providers;
  • 3 banks;
  • 2 health service providers; and
  • 35 different public authorities.

In total, 362 objects from both the public and private sectors were investigated. On the 31st of October, the Swedish Data Protection Authority published an overview of the complete investigation.  It revealed that approximately 16 % of the investigated companies lack GDPR compliance. As a result, out of 66 listed cases, 57 reprimands and 2 injunctions were given. The rest (7 companies) didn’t face any consequences.

Investigated companies include operators Tele2 and Telia, money exchange service Forex Bank and Resurs Bank and others. 

Read more on this topicGDPR Compliance Checklist for 2019

Get your compliance organized with proper GDPR tools.
Contact us for a demo and get access to 14-day trial.

Save time and be confident

Latest Posts
Your Essential Guide to Developing a Data Breach Response Plan

Your Essential Guide to Developing a Data Breach Response Plan

The General Data Protection Regulation (GDPR) places significant emphasis on securing personal data, particularly in Articles 32-34, which outline requirements...
Biometric Data and GDPR: Key Considerations

Biometric Data and GDPR: Key Considerations

Biometric data is classified by the GDPR as a special category of personal data, subject to enhanced protection. This means...
Why ‘I Don’t Allow Meta’ Posts Don’t Work and What to Do

Why ‘I Don’t Allow Meta’ Posts Don’t Work and What to Do

Every so often, viral posts resurface on Facebook and Instagram declaring:"I do not allow Meta to use my data, pictures,...
GDPR Fine of €475 Million for Netflix: Top 5 Lessons for Everyone

GDPR Fine of €475 Million for Netflix: Top 5 Lessons for Everyone

Netflix is at the centre of a data privacy cliffhanger as the Dutch DPA indicates it is likely to be...
How to Avoid ICO Fines: Lessons from Recent GDPR Spam Text Penalties

How to Avoid ICO Fines: Lessons from Recent GDPR Spam Text Penalties

Lessons for Legal Teams: Avoiding Costly Mistakes in Data Privacy ComplianceData privacy is no longer a secondary concern for businesses—it's...
Privacy Rights and it’s Challenges – 6 Years of GDPR

Privacy Rights and it’s Challenges – 6 Years of GDPR

Six years since GDPR came into force, the promise of stronger data protection is being undermined by the rise of...
Staying Ahead of GDPR Compliance: Lessons from LinkedIn’s €310 Million Fine

Staying Ahead of GDPR Compliance: Lessons from LinkedIn’s €310 Million Fine

LinkedIn Ireland was recently fined a record-breaking €310 million by the Irish Data Protection Commission for GDPR violations, underscoring the...
Preparing Your Small Business for GDPR Compliance

Preparing Your Small Business for GDPR Compliance

The General Data Protection Regulation (GDPR) is a European Union law that protects the privacy and personal data of individuals...
The GDPR Data Map – Your Complete Guide

The GDPR Data Map – Your Complete Guide

The General Data Protection Regulation (GDPR) is a European regulation establishing the framework for personal data protection of individuals in...
GDPR in Healthcare: Compliance Guide

GDPR in Healthcare: Compliance Guide

Since General Data Protection Regulation (GDPR) entered into force, the personal data protection has become more challenging to the Healthcare...