Appointment of Data Protection Officer – first up for review by the Swedish Data Protection Authority

On the 22nd of October, the Swedish Data Protection Authority released its first review after the General Data Protection Regulation 2016/679 (GDPR) went into force. The Swedish Data Protection Authority have reviewed 400 companies and authorities with the purpose to investigate if they fulfil the obligation to designate a data protection officer (DPO), according to Article 37 under the GDPR.

According to Article 37, actors in both the private and the public sector can have a responsibility to designate a DPO. The most important task of the DPO is to supervise that the organisation is compliant with the GDPR. An organisation can voluntarily designate a DPO even if they, according to Article 37, are not obliged to do so. Once a DPO has been appointed, the rules pertaining to the DPO role will apply regardless of whether the appointment was on a voluntary basis or whether it is in fact mandatory for the organisation in question.

In connection to the review, Synch has summarised a few important tips regarding the designation of a DPO. It is of importance to ensure that:

  • the DPO’s contact information (e.g. postal address, a specific phone number or/and a specific e-mail address) is easily accessible, both internally and externally. Another important factor to consider is the importance of confidentiality of the information that the DPO handles on a daily basis. Therefore, it is recommended to have separate contact information to the DPO to which only the DPO will have access to for the purpose of performing their duties;
  • communication occurs in the language or languages used by the affected data subjects and the supervisory authority;
  • the DPO is generally accessible. This will ensure the data subjects can reach the DPO, either in person in the same building as the employees or through a standby phone or other secure ways of communication;
  • the DPO is qualified for the mission;
  • there is no risk of conflict of interest given the DPO’s other tasks and responsibilities; and
  • if the organisation is established in multiple countries, it will suffice if the corporate group designates a DPO as long as the criteria’s stated above is fulfilled.

If you are uncertain about if your organisation falls under the obligation to designate a DPO, or if you have other questions regarding the implementation of GDPR, you are more than welcome to contact our lawyers specialised in data protection at

You can also test if your organisation’s Privacy Policy meets the requirements of GDPR in Synch’s AI-tool, Privacy Policy

If you would like to read the Swedish Data Protection Authority’s review in full, you can find it here. (in Swedish)

News and Insights
Blog Posts

“Founder friendly investments should be simple and straightforward”, Jesper Theil Thomsen, co-founder and CEO of SOUNDBOKS


Synch, inQvation and TechBBQ has joined forces with  to take a closer look at the term: ‘founder friendly’. In this series of articles, we ask five central stakeholders in the ecosystem to provide us with their views on the Nordic investment culture. This blog post is with Jesper Theil Thomsen is co-founder and CEO of SOUNDBOKS – the world’s loudest battery-powered speaker.

Blog Posts

TALKBBQ – THE NORDIC INVESTMENT CULTURE: Let’s talk about it with Frederikke Antonie Schmidt, founder of Roccamore


On Thursday June 27, Frederikke Antonie Schmidt, founder of Roccamore, joins the panel discussion at TalkBBQ – The Nordic Investment Culture.




Synch Advokat AB have been asked by the American Chamber of Commerce in Sweden to prepare a memorandum on the CLOUD Act in order to explain and clarify the meaning and consequences of the same.

Press release

Synch partners up with tech hub HETCH


Hetch is an initiative supporting the city of Helsingsborgs ambitious goal of becoming one of Europes most innovative cities by 2022.

Blog Posts

TalkBBQ – The Nordic Investment Culture: What does ”founder friendly” really mean?  


We have asked five central stakeholders in the ecosystem to provide us with their views on the Nordic investment culture. This blog post is with Claus Zibrandtsen, CEO at inQvation.


Synch, TechBBQ and inQvation are hosting TalkBBQ – The Nordic Investment Culture


TalkBBQ – The Nordic Investment Culture will take place in Copenhagen June 27.