INFORMATION SECURITY PORTAL
LAWS & REGULATIONS
Below is a short description of each law and regulation. It does not cover all information; it is intended as a short description/introduction. It is primarily EU and Swedish laws, but also laws from other countries if deemed relevant. For each law, there will be a link to more information.
The General Data Protection Regulation (GDPR) is a European Union law that was implemented May 25, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory. The regulation includes seven principles of data protection that must be implemented and eight privacy rights that must be facilitated. It also empowers member state-level data protection authorities to enforce the GDPR with sanctions and fines.
The Directive on security of network and information systems (NIS Directive) is the first piece of cybersecurity legislation passed by the European Union. The Directive was adopted on July 6, 2016.
The NIS Directive applies to operators of essential services and digital service providers. The “operators of essential services” referred to in the legislation include enterprises in the energy, transport, banking, financial market infrastructures, health, drinking water supply and distribution, and digital infrastructure sectors.
The ePrivacy Regulation is a proposal for a regulation on privacy and electronic communications services within the European Union (EU) and is thus an extension of the General Data Protection Regulation (GDPR).
As the ePrivacy Regulation applies to the entire online sector, a large number of companies and industries will be affected.
The Security Protection Law (2018:585) contains requirements for measures aimed at protecting information that is of importance for Sweden's security or which is to be protected according to an international commitment for security protection.
The new Protective Security Act (2018:585) and Protective Security Ordinance (2018:658), effective as of 1 April 2019, apply to everyone conducting security-sensitive operations. More organisations than before are covered, and it is clarified that the new legislation applies to both public and private organisations.