Global Data and Cyber Handbook

Sweden

Select a Topic
Start Comparison
Data localization and regulation of non-personal data
Jump to
Data localization and regulation of non-personal data Start Comparison
Are there data localization/data residency or other types of laws that may require the retention and storage of data in the local jurisdiction, or prohibit the transfer of data out of the jurisdiction?

Last review date: 27 December 2024

Yes.

☒   other laws that may require the retention and storage of personal data (including, for example, where such data is part of another type of record or dataset) in the local jurisdiction or otherwise prohibit the transfer or disclosure of the personal data outside of the local jurisdiction:

☒   tax or financial record laws

As a general rule, all bookkeeping data necessary to fulfil the documentation requirements under the Swedish Bookkeeping Act shall be stored in Sweden. There is also an ongoing public discussion about data (including but not limited to personal data) that is subject to the statutory duty of confidentiality and whether such data can lawfully be processed by cloud service providers that may be obliged to provide data to foreign governments. The US CLOUD Act is of particular concern.

Does law or regulation impose mandatory requirements to share or make accessible non-personal data?

Last review date: 27 December 2024

         Obligation for public sector organizations to share or make accessible non-personal data

         Obligation for private organizations to share or make accessible data generated by connected or "IoT" devices

         Obligation for private organizations to share or make accessible non-personal financial data

         Obligation for private organizations to share or make accessible other non-personal data

  • The Swedish Accounting Act regulates accounting, financial record keeping and reporting in Sweden. The act mandates an accurate collection and systematic recording of all business transaction. The Act also mandates that companies share relevant accounting information with auditors and relevant authorities. As mentioned above the principle of public access to information is a fundamental aspect of Sweden's governance, hence official documents held by the public authorities are accessible to the public with exceptions for certain documents i.e. to protect sensitive information. For example, the annual reports of limited companies registered in Sweden are always publicly available through the Swedish Companies Registration Office.
  • Please see the EU Chapter for the description of Data Governance Act, Data Act, and Regulation (EC) No 1049/2001 which are all applicable in Sweden. For Sweden the complementary Swedish law Data Governance act applies. The Swedish Post and Telecom Authority is responsible for supervising parts of the Data Governance act in Sweden.
  • There is also an ongoing investigation in preparation for the Swedish Data Act through which the investigator is tasked with proposing the legislative amendments and other measures necessary for the relevant authorities to exercise their powers and take the required actions under the EU Data Regulation. The assignment is to be reported by October 15, 2025, after which further steps in the legislative process follow before a new law can be admitted. The new legislation is therefore not expected to be entered into force in the immediate future.
What specific obligations do these data-sharing rules impose on private organizations?

Last review date: 27 December 2024

         Obligation to share data on request

         Obligation to share data proactively

         Obligation to (re)design products or services to facilitate data accessibility

         Obligation to standardize products or services to facilitate data portability or interoperability

{{ $store.state.loadingScreen.message }} ...