On September 18, 2023, the Swedish Authority for Privacy Protection (IMY) announced that the authority has developed a proposal for new regulations. The new regulations are intended to make it easier for companies to handle personal data regarding legal violations in order to, for example, screen customers against various sanction lists.
The majority of the cases that IMY handles are related to activities in the financial sector and the security and defense market. Businesses in these areas need to check their clients against various sanction lists, partly to comply with legal requirements in the financial sector concerning measures against money laundering and the financing of terrorism, and partly to adhere to international export restrictions.
In order to perform these checks in a lawful manner, these companies usually submit an application to IMY to obtain a decision. The necessary procedure requires effort from both the applicant company and IMY, which also results in long processing times.
Based on the above, IMY has developed proposals for new regulations that will streamline the handling of these cases for the authority and simplify the process for the applicant companies.
The proposal developed by IMY has now been sent for consultation to a number of organizations, including the Swedish Financial Supervisory Authority and the Swedish Bankers' Association.