GDPR risk assessment

Do you need to update your cookie banner or review your privacy and cookie policy? We help you quickly understand what is required under the latest interpretation of GDPR.


Get in touch with one of our experts

Do you have control over your data?

According to the Swedish Authority for Privacy Protection, all organisations that process personal data must comply with GDPR (the General Data Protection Regulation). This means, among other things, that your organisation must follow the fundamental principles, inform data subjects about how their personal data is processed, and ensure that there is a lawful basis for processing.

We are often asked what is allowed and what is not, as well as which requirements apply and what measures are needed for different systems and applications. What is right or wrong is not always clear-cut and often varies from case to case.

Gain full control

A lot has changed in recent years when it comes to handling personal data. GDPR continues to evolve through new guidance, decisions and case law, meaning that requirements are constantly shifting.

IT law is a continuously evolving field, and it is becoming increasingly important to maintain full control over your data. If you lack an overview or structure, it is time to act, both to minimise risks and to ensure compliance with current regulations.

What happens if you do not comply with GDPR?

Failure to act and comply with applicable legislation may result in sanctions. The Swedish Authority for Privacy Protection (IMY) is responsible for supervising compliance with GDPR in Sweden and has the authority to impose penalties on organisations and companies.

Fines of up to €20 million

There are four main types of sanctions that IMY can impose: warnings, reprimands, orders/restrictions/bans, and administrative fines. In general, fines can amount to up to 4% of a company’s global annual turnover, or a maximum of €20 million.

Are you compliant? Find out with a GDPR risk assessment

We help you understand what applies to your organisation and your systems. Examples of what a risk assessment may include:

  • Mapping of personal data processed within your systems
  • Mapping of external integrations
  • Permissions and system access controls
  • Risk and vulnerability analysis (in line with MSB guidelines)
  • Information classification (based on KLASSA guidelines)
  • And more, depending on your organisation and needs
  • Recommended actions and next steps

Would you like to carry out a risk assessment? 

Leave your details and we’ll get back to you shortly.
