Under kvällen den 25 mars genomför vi ett planerat underhåll av IMY.se. Webbplatsen, och våra e-tjänster, kan därför vara svåra att nå vissa stunder under denna kväll. Besökare kan komma att se en servicesida.
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
All data controllers must notify us of personal data breaches unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. You must therefore assess whether or not the breach should be notified to us.
You should report the personal data breach within 72 hours after having become aware of it. If all information is not yet available, you may provide supplementary information within four weeks.
For controllers
This information is addressed to data controllers who need to notify a personal data breach to the Swedish Authority for Privacy Protection (IMY).
As an individual, you can instead file a complaint if you suspect that someone is processing your personal data in a way that violates the General Data Protection Regulation (GDPR).
Use the web browsers Chrome or Edge when using our e-service. After you have filled out and submitted the form, you will be able to download a copy through your browser. Please choose one of the links below to notify a personal data breach according to GDPR.
If you do not wish to accept cookies, your web browser can be set to automatically deny the storage of cookies or to inform you each time a website requests permission to store a cookie. Previously stored cookies can also be deleted via the web browser. Our e-services do not work if you deny the storage of cookies in your web browser. Please fill in a form and send in your notification by post instead.
Everything you report will become an official document. This means that anyone can request access to the document, and the document might have to be disclosed depending on the outcome of an assessment of whether secrecy applies. The decision whether a document can be disclosed or not is always ultimately made by the Swedish Authority for Privacy Protection.
Therefore, we recommend that you only reply to the questions asked, not providing more information than necessary using the free text fields. Should you nevertheless choose to provide what you consider is confidential information, the free text field at the end of the form should be used to describe which information this applies to.