GDPR in Sweden

1. How is GDPR implementation in Sweden different from Germany? We do not all differences. Our focus is the field of customer journey.

The legislation is overall the same, however, you must check the local laws and regulations related to personal data archiving (like financial data, HR data), mandatory reporting, etc. But GDPR is the same.

2. Which client data are publicly available in Sweden but not in Germany?

Public available personal data, although public, is still personal data and protected by GDPR. According to Article 14 GDPR - Information to be provided where personal data have not been obtained from the data subject if you collect personal data from public sources, each processing needs a clear purpose, a legal ground for processing, and the data subject must be informed about the processing, the controllers involved in the processing, the personal data categories that are being processed, the purpose of processing and associated legal grounds for the processing, other processors involved and their roles, retention policies for personal data and about their rights related to personal data. At Advisera, we have some great privacy notice templates, part of our EU GDPR Documentation Toolkit, link below.

3. Which data can be tracked, e.g. client behavior, websurfing habits etc.?

Tracking of personal data is the processing of personal data, so you need a purpose (why do you want to track personal data), a legal ground for processing (I recommend Consent for processing operations involving personal data tracking), you need to establish the categories of personal data that are being monitored (applying at the same time the principle of data minimization, as it is described in Article 5 GDPR - Principles relating to the processing of personal data, para 1.c), to establish a retention policy according to GDPR Article 5.1.e and to ensure the security of personal data.

4. Are there differences in cookie policy?

The cookie policy is a document that demonstrates that you respect the requirement of transparency as described in GDPR Article 5.1.a, and in this document, you need to outline who are the data controllers, the personal data processed by each cookie, the purpose of processing, to whom the data is transferred and why and how the data subject can withdraw consent. In this respect, there shouldn’t be any differences in how the cookie policy looks. We have a great Cookie Policy template, part of our EU GDPR Documentation Toolkit, link below.

Please also consult these resources:

• Article 5 – Principles relating to processing of personal data: https://advisera.com/gdpr/principles-relating-to-processing-of-personal-data/
• Article 6 - Lawfulness of processing: https://advisera.com/gdpr/lawfulness-of-processing/
• Article 7 - Conditions for consent: https://advisera.com/gdpr/conditions-for-consent/
• Article 14 – Information to be provided where personal data have not been obtained from the data subject: https://advisera.com/gdpr/information-to-be-provided-where-personal-data-have-not-been-obtained-from-the-data-subject/
• How does GDPR affect digital marketing? https://advisera.com/articles/how-does-gdpr-affect-digital-marketing/
• How does GDPR impact marketing activities? https://advisera.com/articles/how-does-gdpr-impact-marketing-activities/
• Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
• EU GDPR Documentation Toolkit: https://advisera.com/toolkits/eu-gdpr-documentation-toolkit/