Our data protection expert explains
But what does IMY’s approval mean in practice? Zana Sami, Senior Privacy & Data Protection Counsel and Head of the Privacy & Data Protection Department at DISA Global Solutions, explains the requirements behind the authorisation, how DISA works with compliance, and what the decision means for our customers.
Processing criminal record data is subject to strict regulatory requirements. This is to ensure that sensitive data like criminal records cannot be processed without a specific & legitimate purpose. Every country within the GDPR framework has specific domestic rules on the ability to process criminal record data. In Sweden, the IMY is the regulatory body governing permits that can be issued to process these kinds of sensitive data.
In practice, this means that we (as a private company) have been assessed on important legal principles and processes and have received the green light from the supervisory authority to process these kinds of sensitive information.
The IMY assesses specific legal, privacy and regulatory aspects of the company applying to make sure that sensitive personal data processing is done in accordance with the GDPR and domestic rules on data protection.
Since the processing of special categories of personal data and criminal record data is subject to strict regulatory rules, it’s important that companies uphold these rules. The mentioned data are by default considered sensitive and the mishandling or incorrect processing of these kinds of data can potentially lead to negative effects on data subjects.
We have strict protocols and processes in place with regard to our screening operations, and compliance with (privacy) legislation is a top-of-mind principle for us. Our screening operations, vendor management and internal protocols are subject to review by our compliance team. Privacy-by-design is implemented as a default within the organisational framework and periodical review is ensured to maintain active compliance. We are annually (externally) audited on ISO27001/9001 & ISAE3000 type 2 certifications and assurances to demonstrate compliance. Furthermore, we have an external and independent Data Protection Officer who oversees our compliance team on privacy matters.
This means that customers can be assured and reassured that everything we do on their behalf is in line with strict regulatory requirements and we can provide high-quality services which are in line with (inter)national industry standards.
Want to learn more about criminal record checks?
Handling personal data relating to criminal offences requires a high level of compliance and responsible data processing. Learn more about how criminal record checks work and what employers in Sweden need to consider.
An important milestone for DISA’s operations in Sweden
IMY’s approval confirms that DISA meets the requirements for processing personal data relating to criminal offences in Sweden. It is an important part of our continued work to deliver secure and high-quality screening processes.
The acquisition of the IMY permit by DISA Global Solutions in Sweden marks an important milestone in our commitment to compliance, data protection, and service quality. For our clients, this means working with a trusted partner that meets stringent regulatory requirements and upholds the highest standards in handling sensitive personal data. It reinforces our ability to deliver secure, reliable, and fully compliant screening solutions within the Swedish market.
Want to learn more?
Do you have questions about DISA’s background checks or how we work with compliance and data protection? Contact us using the form below and we’ll be happy to help.