Monday, March 4, 2024

Sweden: Swedish Data Protection Authority Establishes Art. 41 GDPR Accreditation Requirements



According to Article 40.1 of the EU General Data Protection Regulation (GDPR), the national supervisory authorities in the European Economic Area shall “encourage the drawing up of codes of conduct intended to contribute to the proper application” of the GDPR. Before Swedish associations and bodies that represent categories of personal data controllers or processors can prepare codes of conduct, the Swedish Data Protection Authority (IMY) must, pursuant to Art. 41 GDPR, establish the requirements that will apply to their accreditation bodies, the so-called supervisory bodies, which will be responsible for monitoring compliance with the code of conduct by the controllers or processors that undertake to apply it.

Following the IMY’s submission of accreditation requirements to the European Data Protection Board (EDPB) in 2022, the EDPB issued a statement on 11 July 2023 recommending certain changes to the draft requirements. The EDPB confirmed receipt of a new version from IMY and has now closed the file. IMY issued a decision on the applicable accreditation requirements on 7 September 2023 (see here, in Swedish only). 

In summary, a body must meet certain requirements in the following areas to obtain accreditation:

  • Independence
  • Conflicts of interests
  • Expertise
  • Proceedings and structures
  • Handling of complaints
  • Communication with the supervisory authority (IMY)
  • Mechanisms for oversight of the code of conduct
  • Legal standing
  • Sub-contractors


While obtaining accreditation and establishing codes of conduct may involve complex assessments and considerations, implementing codes of conduct may decrease the costs of GDPR compliance for organizations. In addition, codes of conduct enable trade associations and other interest groups to assess which considerations and technical and organizational security measures are of specific relevance to their sector.

Source : Globalcomplain
