The General Data Protection Regulation* (GDPR) is an EU Regulation that will come into force as a mandatory law in May 2018. GDPR replaces current national legislation (e.g. the Personal Data Act [PUL] in Sweden).
Examples of major changes in the new law include increased requirements regarding documentation, processes and information security, as well as the introduction of the role of data protection officer (DPO), which can be likened to the role of the personal data representative defined in the PUL but with increased requirements.
Because of this, a GDPR program has been running at PostNord since 2016, which covers relevant areas such as HR, sales, purchasing and IT.