meny

Notification of a personal data breach

This information is addressed to controllers who need to notify a personal data breach to the Swedish Data Protection Authority.

You should notify the personal data breach within 72 hours after having become aware of it. If all information is not available, you may provide supplementary information within four weeks.

The information in the report will become an official document

Everything you report will become an official document. This means that anyone can request access to the document, and the document might have to be disclosed depending on the outcome of an assessment of whether secrecy applies. The decision whether a document can be disclosed or not is always ultimately made by the Swedish Data Protection Authority.

Therefore, we recommend that you only reply to the questions asked not providing more information than necessary in free text. Should you nevertheless choose to provide what you consider is confidential information, the free text field at the end of the form should be used to describe which information this applies to.

Make a notification

Use the web browsers Chrome or Edge when using our e-service. After you have filled out and submitted the form, you will be able to download a copy through your browser.

Please choose one of the links below to notify a personal data breach according to GDPR:

Report a new personal data breach >>

Give supplementary information regarding a previously made personal data breach notification >>

Do you have questions?

If you have any questions about personal data breaches, you can contact the Swedish Data Protection Authority at personuppgiftsincidenter@datainspektionen.se or call + 46(0) 8-657 61 00. Our telephone hours are 9 AM – 11 AM on Mondays, Tuesdays, Thursdays and Fridays and 9.30 AM – 11.30 AM on Wednesdays. Deviating hours may occur.