GDPR Advisor

GDPR (2022-11-29)

We help you to become compliant with GDPR

The General Data Protection Regulation (GDPR) is a European regulation that governs how organizations may and must process personal data. The GDPR forms the basis for protecting the privacy of individuals when personal data is processed within the EU. Privacy is a fundamental human right and must therefore be protected.

A basic principle is that personal data may only be processed in a legal, correct and transparent manner in relation to the data subject. The processing is lawful only if it is based on one of the permitted legal grounds, for example by consent of the data subject.

Let us advise and review your data protection work

Data protection is ongoing work and often involves dealing with tricky questions and difficult challenges, especially when it comes to changing the organization and adapting it to the law.

In the role of external adviser, we at Secify offer a number of different solutions such as project statements, review of internal and external parties, as well as in-depth advice.

Our advisors consist of specialized data protection lawyers, experienced information security advisors and IT security specialists, who, through a close exchange of skills and experience, strive to offer advice on everything from law to suitable IT security solutions.

Would you like to know more?

Contact us and we will help you get started with GDPR.

Testimonials

“In our work with GDPR, Secify has been our partner and security. Without the knowledge that Secify possesses, we as a company would not have progressed far in the implementation of GDPR”

Klas Grännö, Project leader, Holmgrens Bil AB

“As our external Data Protection Officer, Secify has helped us solve complex data protection issues. They have given advice, supported and reviewed our company’s processing of personal data in an exemplary manner. The expert competence that we get from Secify creates the conditions for continued safe data protection work in our organization.”

Robert Ekvall, IT Security & Company Integration Lead, BookBeat

Some of our customers

We offer a range of different services and arrangements within the GDPR area

One of our most popular and well-liked services is the DPO (data protection officer) service, also called external data protection representative. With this service, you hire one of our consultants, who works on data protection with you for a predetermined number of hours every month.

DPO as a Service

Secify provides you with an independent specialist, who acts as both reviewer and advisor for your data protection work, and ensures that your business complies with the GDPR.

Privacy counsel as a Service

Secify provides you with a data protection specialist with a pragmatic approach, as well as the tools needed to drive and support your operational work with data protection.

GDPR framework

Secify supports and develops a business-adapted framework to establish or renew your data protection organization.

GDPR-audit

Secify analyzes your existing data protection work to check the level of compliance.

Cookie-audit

We examine your organization’s website and ensure that the correct information about cookies is available and that cookies are handled correctly, in accordance with existing legal requirements.

Supplier audit (Privacy)

Secify supports you in reviewing and checking existing, but also new suppliers who may process personal data for your business.

Training

We also carry out training in both basic and more advanced areas linked to data protection, and give advice on specific issues such as DPIA, contract review, procurement and more.

FAQ

Here are answers to the most common questions about GDPR. Do you have a question that is not listed? Use the contact form further down the page.

Does the data protection officer need to be employed within the organization?

No, not necessarily. A data protection officer can be an employee, but the function can also be filled by an external party, such as a consultant.

Does the data protection officer have to be a lawyer?

No, there are no explicit requirements that the data protection officer must have a law degree. However, the data protection officer must have good knowledge of data protection, good expertise in the business and sufficient resources for their mission.

Can the data protection officer have multiple roles within the organization?

Yes, in theory, but the data protection officer must be able to work independently, without being influenced by others within the organization. It is therefore important that the data protection officer does not have other tasks that may conflict with the role of data protection officer.

Is it possible to have a common data protection officer for several companies?

It is possible within groups and also for independent companies. What is required is that the data protection officer must be able to put in the resources required to reach what is prescribed in the GDPR’s articles. This also applies to public organisations.

What are the duties of a data protection officer?

The data protection officer must:

  • Advise on impact assessments
  • Be the contact person for the country's authority for Privacy Protection
  • Be the contact person for the data subjects and the staff within the organization
  • Cooperate with the authority for Privacy Protection, for example during inspections.

What are the responsibilities of a data protection officer?

The data protection officer has no personal responsibility for the organization’s compliance with the data protection regulation. That responsibility always rests with the data controller or with the data processor. The data controller may also not punish the data protection officer for having performed their duties.

What is the difference between a DPO and a DOM?

Unlike a DPO, the DOM has a more operational role.

What are the advantages of an external data protection officer?

The external representative’s advantages are that the person usually brings skills from several organizations and knowledge of current practices. An external representative is also not bound by any place in the organizational hierarchy and does not risk being limited in practice because of this.

Can our CEO, CISO, CIO or similar be a data protection officer for our company?

No, it is important that the data protection officer is objective in his task. For example, it is not appropriate for the data protection officer to sit in the organization’s management or to be involved in making strategic decisions about the core business that includes personal data processing.

Can a group of individuals act as data protection officers?

Yes, a group can act as a data protection officer, but an appointed contact person is always required.

Which authority must the data protection officer register with?

The data protection officer needs to register with the authority that handles privacy and GDPR questions in their country.

Can an organization have a data protection officer, even if there is no legal requirement for their business?

Yes, the fact is that the supervisory authority encourages all organizations to appoint a data protection officer. This is to be able to communicate more easily when necessary with the supervisory authority, as well as to organize the work with data protection.

Can organizations be fined for not appointing a data protection officer?

The short answer is yes. Organizations that are obliged by law to have a data protection officer (for example government agencies, or socially important actors), may receive sanctions if they have not employed or alternatively implemented a data protection officer function.

Do all organizations need a data protection officer?

No, not all organizations are required by law to have a data protection officer, but almost all must comply with the GDPR. It can therefore be of great value to a business to have someone who ensures that the regulation is followed.

Contact us!

If this seems interesting to your company, you can either send a message using the contact function, or simply pick up the phone and call.

Phone: +4620 – 66 99 00
Visiting address: Östra Storgatan 67, Jönköping