12.5 C
Saturday, July 13, 2024
HomeGlobal NewsSweden: Swedish Data Protection Authority Establishes Art. 41 GDPR Accreditation Requirements

Sweden: Swedish Data Protection Authority Establishes Art. 41 GDPR Accreditation Requirements


Related stories

Putin’s war is the cause of NATO enlargement

Reporting from the NATO summitWe’re now hearing from US...

Russian Deputy Defense Minister Tatyana Shevtsova stole millions from Putin

Former Russian Deputy Defense Minister Tatyana Shevtsova, who officially...

Vienna-Based Russian Operatives Accused of Paying for Pilot Kuzminov’s Murder

The Wall Street Journal, citing sources within Western intelligence...

Europe’s leaders welcome Starmer after ‘historic’ UK election

European Council President Charles Michel hails a “new cycle...

Tajikistan Passes Bill to Ban Hijab Despite 98% Muslim Population

Tajikistan officially banned the hijab, imposing hefty fines in...

According to Article 40.1 of the EU General Data Protection Regulation (GDPR), the national supervisory authorities in the European Economic Area shall “encourage the drawing up of codes of conduct intended to contribute to the proper application” of the GDPR. A prerequisite for codes of conduct to be prepared by Swedish associations and bodies, which represent categories of personal data controllers or processors, is that the Swedish Data Protection Authority (IMY), pursuant to Art. 41 GDPR, has to establish the requirements that will apply to their accreditation bodies, the so-called supervisory bodies, which will be responsible in monitoring compliance with the code of conduct by the controllers or processors that undertake to apply it.

Following the IMY’s submission of accreditation requirements to the European Data Protection Board (EDPB) in 2022, the EDPB issued a statement on 11 July 2023 recommending certain changes to the draft requirements. The EDPB confirmed receipt of a new version from IMY and has now closed the file. IMY issued a decision on the applicable accreditation requirements on 7 September 2023 (see here, in Swedish only). 

In summary, a body must meet certain requirements in the following areas to obtain accreditation:

  • Independence
  • Conflicts of interests
  • Expertise
  • Proceedings and structures
  • Handling of complaints
  • Communication with the supervisory authority (IMY)
  • Mechanisms for oversight of the code of conduct
  • Legal standing
  • Sub-contractors


While obtaining accreditation and establishing codes of conduct may involve complex assessments and considerations, implementing codes of conduct may decrease the costs of GDPR compliance for organizations. In addition, codes of conduct enable trade associations and other interest groups to assess which considerations and technical and organizational security measures are of specific relevance to their sector.

Source : Globalcomplain

Latest stories