1. How is GDPR implementation in Sweden different from Germany? We do not all differences. Our focus is the field of customer journey.
The legislation is overall the same, however, you must check the local laws and regulations related to personal data archiving (like financial data, HR data), mandatory reporting, etc. But GDPR is the same.
2. Which client data are publicly available in Sweden but not in Germany?
Public available personal data, although public, is still personal data and protected by GDPR. According to Article 14 GDPR - Information to be provided where personal data have not been obtained from the data subject if you collect personal data from public sources, each processing needs a clear purpose, a legal ground for processing, and the data subject must be informed about the processing, the controllers involved in the processing, the personal data categories that are being processed, the purpose of processing and associated legal grounds for the processing, other processors involved and their roles, retention policies for personal data and about their rights related to personal data. At Advisera, we have some great privacy notice templates, part of our EU GDPR Documentation Toolkit, link below.
3. Which data can be tracked, e.g. client behavior, websurfing habits etc.?
Tracking of personal data is the processing of personal data, so you need a purpose (why do you want to track personal data), a legal ground for processing (I recommend Consent for processing operations involving personal data tracking), you need to establish the categories of personal data that are being monitored (applying at the same time the principle of data minimization, as it is described in Article 5 GDPR - Principles relating to the processing of personal data, para 1.c), to establish a retention policy according to GDPR Article 5.1.e and to ensure the security of personal data.
Please also consult these resources: