Processing of personal data

Here you can read more about how the Authority processes personal data.

Personal data is all kinds of information that directly or indirectly can be linked to natural persons. Name, personal identity number, phone number, post and e-mail addresses are all examples of such information. Earlier the processing of personal data was governed by the Swedish Personal Data Act.

On the 25th of May 2018, the Personal Data Act was replaced by the General Data Protection Regulation (GDPR) that is valid throughout the European Union (EU). GDPR strengthens the rights of natural persons with regard to the processing of personal data. In addition, the regulation involves many changes for those who process personal data. You can read more about GDPR at the Swedish Authority for Privacy Protection

Obtained information and public access

The Swedish Crime Victim Authority is a governmental authority and is subject to the Swedish principle of public access to information. This means that everything that is submitted to the Authority becomes an official document and can be disclosed to anyone who requests it. In cases where the data is covered by confidentiality obligations in accordance with the Public Access to Information and Secrecy Act (2009:400), it cannot be disclosed.

In accordance with the Public Access to Information and Secrecy Act, authorities are subject to confidentiality obligations when processing sensitive personal data, for example medical certificates and health records. Information must not be disclosed if it can be assumed that by disclosing it, it would harm the person it concerns or the people close to the person. A document containing information that is covered by confidentiality obligations cannot be disclosed.

The same confidentiality obligations apply to information that the Authority has received from other authorities as long as that the information is under the confidentiality obligations to protect the rights of a natural person with regard to the processing of personal sensitive data. Health records that the Authority has received from healthcare providers is an example of such information. A decision made by the Authority in a particular case is always public.

Personal Data Controller

The Swedish Crime Victim Authority is the data controller responsible for the processing of personal data. All information is archived in accordance with the rules and laws that apply to the Authority’s archive managing. Information is disclosed in accordance with Public Access and Secrecy Act.

The Rights of the data subject

You have the right to be informed about the collection and use of your personal data by the Authority. At the bottom of this webpage, there is information about how you can contact us. You have the right to request rectification of incorrect data. From the 25th of May 2018, you have also the right to question the way the Authority is processing your personal data. If you are dissatisfied with the way the Authority processes personal data you have the right to file a complaint with the supervisory authority The Swedish Data Protection Authority.

Data Protection Officer

In accordance with GDPR, every authority must have a data protection officer. The data protection officer must have good knowledge about data protection legislation. His or her duty is to ensure that the data protection legislation is being followed. The data protection officer is also a contact person in the Authority’s contact with the Swedish Data Protection Authority.

The data protection officer at the Swedish Crime Victim Authority is Ingela Ackemo. You can contact her by sending an e-mail to or by calling our phone switchboard at 090-70 82 00.

Personal data at

At, you can register for courses and seminars, order various booklets and publications, subscribe to newsletters, apply for criminal injuries compensation and apply for funds from the Crime Victim Fund. Personel that work with electronic processing of documents, for example when distributing received cases to our administrators, can be processing your personal data.

The Authority does not sell your personal data to third parties. Information is only disclosed if required by law. For more information, please contact us.