New blog post! Revised Protection for the security of Sweden

From the 1st of April 2019, the new Protective Security Act (2018:585) and the Protective Security Ordinance (2018:658) is in force. The aim of the new legislation is to ensure that organizations conducting activities of importance to either:

  • national security, or
  • an international protective security commitment binding for Sweden,

will work in a preventive manner to protect themselves against crimes that can threaten either the security of Sweden or such binding commitment. The new Protective Security Act sets out to clarify the requirements and obligations of the abovementioned organizations, for example how to protect data and information systems of importance to national security.

As a first step, organizations will have to investigate if they are conducting activities that fall into the scope of the new legislation. Neither the act nor the ordinance contains an explicit definition of security-sensitive activities and therefore, such investigation has to be carried out on a case-by-case basis. Guidance can be found in the following criteria and if the organization is fulfilling either one or both, it might be regarded as security-sensitive:

  • a loss or a severe disturbance in the business of the organization can alone or together with similar events in other organizations in a short time frame lead to a serious crisis in the society, and/or
  • the business of the organization is necessary or essential in order to minimize the adverse effects as efficiently as possible for an already ongoing crisis in society.

Any organization carrying out security-sensitive activities are obligated under the new legislation to ascertain and document the need for security, plan and enforce necessary security measures and follow up the security work within the organization. Also, any information of importance regarding the organization’s security shall be notified to the competent supervisory authority. Examples of security measures can include the classification of data in certain levels of security, drafting and entering into security agreements and security screening of employees.

Hopefully, the new legislation will result in organizations carrying out security-sensitive activities to be well prepared against espionage, sabotage, terrorism and other crimes. But it will also require thoughtful administration and increase the costs of such organizations. If your organization is interested to get more information about the new legislation in general or have a more specific question in mind, do not hesitate to contact us.

For more information, please contact Erik Myrbergerik.myrberg@synchlaw.se, +46 761 761 948

News and Insights
Blog Posts

New blog post! Personal Data and 33 bits of Entropy

1 hour ago

This blog post is written by Kenny Chung, lawyer at Synch. Kenny is passionated about privacy issues beyond the ordinary. Read his thoughts about Personal Data and 33 bits of Entropy.

Press release

Synch assisted Starbreeze in the divestment of Indian subsidiary Dhruva

15/05/2019

Starbreeze is an independent developer, creator, publisher and distributor of PC and console.

Blog Posts

New blog post! Revised Protection for the security of Sweden

03/05/2019

This blog post is written by Erik Myrberg, lawyer from Synch. From the 1st of April 2019, the new Protective Security Act (2018:585) and the Protective Security Ordinance (2018:658) is in force. Read about it here.

News

Synch’s Daniel Kiil is part of Legal Tech Panel Sessions

26/04/2019

Daniel Kiil is joining the panel, when Nordic Legal Tech is hosting Legal Tech Sessions in Copenhagen April 29.

Press release

Synch legal advisor in connection with IPO of Triboron International AB

03/04/2019

The first day of trading will be on 8 April 2019.

Press release

Synch signs as Nordic Legal Tech’s first Nordic corporate partner        

28/03/2019

We are very pleased to announce that Synch has joined as Nordic Legal Tech’s first Nordic corporate partner.