Processing of personal data by the Swedish Coast Guard
New legislation entered into force on 25 May 2018. It was the EU’s General Data Protection Regulation (GDPR), which replaced the Swedish Personal Data Act (PuL).
The EU General Data Protection Regulation is supplemented by the Swedish Data Protection Act (2018:218) and the Swedish Data Protection Ordinance, and for the Swedish Coast Guard also by an updated Swedish Act on processing of personal data in the Coast Guard (2019:429) and accompanying Ordinance.
The Swedish Coast Guard’s processing of personal data in the field of law enforcement is regulated in the Swedish Criminal Data Act (2018:1177) with supplementary legislation. The legislation contains, among other things, rules setting out basic principles for the processing of personal data and conditions for ensuring the legality of processing activities. It also contains rules on rights to information and access to personal data.
Below you can read about how the Swedish Coast Guard processes personal data and what rights you have.
For what purposes does the Swedish Coast Guard process personal data?
The Swedish Coast Guard processes personal data for different purposes, depending on the branch of activity in which processing is carried out. The purpose of the processing determines how we handle the personal data. As a general rule, personal data is processed in the following areas:
• Operational governance
• Operational support
• Emergency services
• Monitoring & control
• Law enforcement
For how long do we save the personal data?
Personal data is not processed for any longer than is necessary for the purpose of the processing. The deadlines for how long personal data may be retained vary and are governed by purging provisions and various archiving rules.
On what legal grounds does the authority process personal data?
Most processing of personal data takes place because it is necessary for us to be able to perform our undertaking and is done with the support of the legal grounds known as public interest. We also process personal data with the support of other legal grounds, such as agreements.
The Swedish Coast Guard also processes personal data for law enforcement purposes. The legal grounds that then form the basis of processing are:
• preventing, obstructing or detecting criminal activity
• investigating or prosecuting crimes
• maintaining public order and safety
• meeting obligations arising from international commitments
Who are the recipients of the personal data?
Recipients of our personal data, in addition to internal recipients, are primarily collaborating government agencies, municipalities and other organisations. The Swedish Coast Guard also cooperates with various bodies internationally. If personal data needs to be transferred to a third country, an examination is conducted first of all into whether the data may be transferred.
What are your rights?
You have the right to be given information about the processing that takes place, to have your personal data rectified and in some cases to have the data erased. As far as the Swedish Coast Guard is concerned, however, there are some exceptions regarding the obligation to provide information.
If the personal data is obtained from a source other than the data subject and the receipt or disclosure of data is expressly prescribed in law, the data is exempt from the obligation to provide information.
If the personal data is obtained directly from data subjects, it may, inter alia, be exempted from the obligation to provide information as the data subject is assumed to be aware that the data is being processed by the authority.
Data Protection Officer
If you have any questions about the handling of your personal data within the Swedish Coast Guard, you can contact the authority’s Data Protection Officer:
Phone: +46 (0)766-70 70 00
Address: Kustbevakningen, Box 536, SE-371 23 KARLSKRONA
Your right to submit a complaint
If you have a complaint, you have the right to contact the Swedish Authority for Privacy Protection. For contact details of the Swedish Authority for Privacy Protection, please refer to their website: www.imy.se