What does the Cybersecurity Act mean in practice?

To work in a structured and risk-based way with information and cyber security, be able to manage incidents and demonstrate compliance with requirements over time.

How to determine whether an organization is covered by the Cybersecurity Act?

The assessment is based on a combination of sector, size, possible exemptions and the organisation's role in vital supply chains, not just industry.

When does the law come into force?

15 January 2026, and many requirements require preparation well in advance — especially around governance, risk analysis and supplier management.

What are the main requirements of the Cybersecurity Act?

The core requirements concern: risk analysis and safety management, technical and organisational safeguards, incident management and reporting, management responsibility, and supply chain security.

Does the Cybersecurity Act also apply to suppliers?

Yes, often indirectly through requirements for security in the supply chain. This is especially true if the supplier supplies IT services or systems to socially important activities.

What happens in the case of supervision under the Cybersecurity Act?

Organisations need to be able to demonstrate compliance, for example through documentation, risk assessments and follow-up. Deficiencies can lead to injunctions or penalty fees.

Is a one-time intervention enough?

The No. The law requires ongoing work, follow-up and improvement. Risks, threats and supplier relationships change over time and must be monitored continuously.

How does a platform help us comply with the Cybersecurity Act?

A platform provides overview, structure and traceability, makes it easier to follow up on actions, and clearly shows how the organization works with compliance over time.

External Data Protection Officer (DSO/DPO)

Do you need to appoint a Data Protection Officer by law? Or is the issue a high priority for business-critical reasons? With our comprehensive solution, we help you with the data protection issue without you having to hire. You will receive a knowledgeable DSO who will help you with the law and to put everything into practice.

Talk to an Advisor

Make GDPR simple and manageable

Compliance with the Data Protection Regulation is critical for every organization. However, resources are often lacking to meet the demands fully.

With an external data protection officer, you get qualified support in your GDPR work and can work more structured and proactively with privacy issues. You ensure regulatory compliance, reduce risks and meet the requirement for the independence of the data protection officer without burdening the internal organisation.

Kvinna i vit stickad tröja som pratar i telefon medan hon sitter framför en bärbar Apple-dator vid ett skrivbord.

Data protection officer as a service - what is included?

When you choose DirSys Data Protection Officer as a service, you get access to a dedicated external data protection officer to help you comply with GDPR. The service provides you with ongoing advice, support with supervisory issues and help to translate regulations into practical work. To give you both cost control and the highest possible value, we offer the following packages at a fixed monthly cost.

DSO Small

For those of you who want a secure point of contact in the matter of data protection.

Registration of DSO to IMY

Anchoring the DSO role in the business

Gap Analysis GDPR & Action Plan

Incident advice

Legal advice to data subjects and staff

Monthly reconciliation with your DSO

Get fixed price per month

DSO Medium

For those of you who want to move from non-compliance to proactive risk minimisation.

All in DSO Small

Preparation of annual plan

Prioritization of the most critical activities

Examination of register list

Review of impact assessments

Privacy Policy Review

Training efforts

Get fixed price per month

DSO Large

For those of you who want to take your existing data protection work to the next level.

All in DSO Small & Medium

Advice on rights requests from data subjects

Review of educational materials

Implementation of measures Gap analysis

Review of data protection processes and procedures

Audit of the organization's incident management

Identify procedures and instructions needed

Get fixed price per month

DSO Premium

For those of you who want privacy to permeate your entire business.

All in DSO Small, Medium & Large

Assist when requiring new or existing IT solutions

Support in the development of data protection culture & security culture

Support in the implementation of business processes

Creation of templates such as Pub Agreements, Privacy Policy, Incident Reporting & Training Materials

Advice on how to carry out risk assessments in the field of information security

Get a customized quote

How we work for secure and simple data protection

Data protection is never isolated. We combine expertise in law, information security, IT governance and project management to give you a complete solution.

Safe, transparent advice

We take the trust of our customers seriously. You will receive clear priorities, regular feedback and ethical and objective assessments.

Acting instead of reacting

As an external DSO, we have a long-term and preventive perspective. Together with you, we identify and solve problems before they arise.

Industry knowledge

The need for data protection varies depending on the business. With industry understanding from public sector, healthcare, tech & SaaS, finance & insurance and much more, we provide you with customized consulting.

Talk to an Advisor

How to start your data protection journey with us

You fill out the form below

We will contact you and book a digital meeting to discuss your needs

We make a recommendation on the structure and scope

You make a decision if you want to move forward.

You are up and running quickly, at a fixed monthly cost, and can be sure that you are doing the right data protection work!

Satisfied customers to be proud of

Två personer sitter vid ett bord och arbetar på sina bärbara datorer, en i vit skjorta och en i blå tröja.

“Provides complex guidance in a simple way. Is easy to work with and has the security required for the role.”

Emelie Paridon

Region Skåne

Frequently Asked Questions about Data Protection Officer (DSO/DPO)

Does our organisation need to appoint a Data Protection Officer?

The Privacy Protection Authority recommends that all organisations appoint a DSO. However, there are some types of organizations that according to the GDPR outta appoint a Data Protection Officer.

These are:

Public bodies as public authorities
Organisations that process personal data on a regular, systematic and/or extensive basis in their core activities
Organisations that, in their core activities, process sensitive personal data or personal data relating to crimes on a large scale.

What does a Data Protection Officer do?

The task of a Data Protection Officer is to monitor your compliance with the requirements of the GDPR and to protect your personal data. This means, among other things, that:

Inform and advise businesses about their obligations under GDPR
Assist in the investigation of suspicious personal data breaches, such as data breaches or the dissemination of personal data
Act as a point of contact for the supervisory authority in matters relating to the processing of personal data
Educate and inform on the issue of personal data management and about recent events in the field
Establishing and reviewing impact assessments (DPIAs)
Monitor compliance with GDPR

Does the Data Protection Officer have to be employed?

No, a DSO does not have to be employed. A DSO should be independent which is why it is even advantageous to hire an external DSO.

What is the advantage of having an external Data Protection Officer?

The advantage of having an external data protection officer is that you follow best practices and have access to an independent DSO. It will also be a more cost-effective and flexible solution than hiring, training and retaining an employee.

With DirSys DSO as a service, you can customize the scope according to your needs and you get access to a broad portfolio of expertise in data protection, law, information security and IT.

Can our CISO, Municipal Attorney, Business Developer or CEO be a Data Protection Officer?

There are requirements for a DSO to be someone who has an independent position in the organization. It can be difficult to be independent if you already have another position in the organization. According to the Privacy Protection Authority, it is inappropriate if the DSO is part of the organization's management or otherwise participates in making overall decisions about the operations.

Who can act as Data Protection Officer?

In order to act as a DSO, one must have knowledge of GDPR, be able to understand the core business and have the ability to disseminate a data protection culture.

Who should a Data Protection Officer report to?

The DSO shall report to the management or board of the organisation as a starting point.

Can we be fined if we do not have a Data Protection Officer?

The short answer is yes. Also, be sure to notify the appointed DSO to the IMY Privacy Protection Authority.

Do you want to know more about Data Protection Officer as a service?

Feel free to contact us and we will tell you more about the setup!

info@dirsys.com

031—757 00 88