No data breach notification needed
If the data breach is unlikely to result in a risk to the rights and freedoms of natural persons, you do not have to send a report to us.
However, according to the General Data Protection Regulation (GDPR), you still need to document the breach internally. To verify that a controller has done this, Swedish Authority for Privacy Protection may demand to take part of the documentation.
More information about the documention requirements can be found in the guidelines about personal data breaches from the European Data Protection Board (EDPB).
Latest update: 20 September 2021
Page labels
Data protection