Vakteye
Continuous compliance monitoring · GDPR · NIS2

Your policy says X. Your site does Y. We catch the contradiction before the regulator does.


Reviewed where it counts. Articles cited. Evidence pack time-stamped. EU data residency · GDPR · NIS2 · ePrivacy · Built in Sweden

  • 1,200+ legal sources indexed
  • 28 specialized tests
  • ≤5 min time to first finding
  • EU-only data residency

Real cases — Avanza, Apoteket, Apohem

Three companies. Same mistake. 60 million SEK in fines.

In 2023-2024, three companies were fined by IMY for the same mistake. Here is Avanza's case, day by day.

Source: IMY decisions on Avanza (DI-2021-5544, 2024), Apoteket (29 Aug 2024), Apohem (29 Aug 2024) — imy.se/tillsyner/

  • 15 Nov 2019
    Meta Pixel goes live
    Avanza deploys Meta Pixel on site and app for marketing optimization. Intent is lawful. The integration looks correct.
  • Nov 2019 – Jun 2021
    Sub-function silently activates
    A sub-function is enabled by mistake. Holdings, account numbers, and personal data for up to 1 million customers flow to Meta. Nobody notices.
  • 2 Jun 2021
    Avanza finds it themselves
    19 months in, the bank discovers the misconfiguration. The pixel is deactivated. Meta confirms deletion of the transferred data.
  • 24 Jun 2024
    IMY: 15 million SEK fine†
    IMY issues the sanction (decision DI-2021-5544). Reason: lack of technical and organizational measures under GDPR Art 5(1)(f) + Art 32(1) (security failure — NOT an Art 33 breach-notification case; LEK 9 kap. 28 § found not applicable).

†Same pattern, same period—Apoteket was fined 37 million SEK (29 Aug 2024). Apohem was fined 8 million SEK (29 Aug 2024). Three companies. One activated sub-function. 60 million SEK in total sanctions.

Avanza took 19 months. You take 7 days.

Three companies. 60 million SEK in fines.

Same mistake: trackers they didn’t know about.

Avanza discovered it after 19 months.

Vakteye would have caught it on day 1.

Every week, signed.

How a tracker becomes an evidence pack

From behavioral test to delivered report — four steps, AI for scale and human judgement where it counts.

Scan

We test the site the way regulators would

Click “Reject All”, watch every network request, snapshot cookies and localStorage. Behavioral test, not a checkbox.

  • Behavioral consent test
  • First-party trackers in disguise — caught
  • Drift monitoring between scans
Classify

Every finding tied to statute and precedent

Pattern matching plus AI models map each finding to GDPR article, ePrivacy and the relevant regulator decision.

  • GDPR + ePrivacy + LEK mapping
  • 1,662 legal text chunks · 14 frameworks indexed
  • IMY decisions as reference
Review step

AI for scale, human review when judgement is required

High-confidence findings are backed by behavioural proof and publish directly. Lower-confidence findings go to a review queue where an analyst decides.

  • Confidence level per finding (CERTAIN/FIRM/TENTATIVE)
  • Review queue for lower-confidence findings
  • Decisions logged to audit trail
Evidence pack

Time-stamped and tamper-evident

Hash-verified, statute-tied. An input for your DPO and your legal team — not an alarm light.

  • Tamper-evident manifest
  • Statute + decision cited per finding
  • Downloadable zip for your own records
Scan → Classify → Verify → Evidence pack
Evidence ledger · an example

12 months.
6 months unmonitored.

What happened on your site between audits?

12 months for a typical customer. For the first half, the site was unmonitored. The second half: signed and IMY-ready every week.

Patterns from Vakteye's pilot customers: SaaS, e-commerce, healthcare (2025–2026).

Your ledger starts at the first scan.

Before Vakteye
6 months · May 2025 → Oct 2025

  • 9 unseen findings on your site
  • 26 blind weeks without checks
  • 20–94 MSEK estimated fine exposure
  • 0 internal alerts

No internal alerts. Nobody knew anything until someone from outside pointed it out.

Vakteye onboarded · 3 Nov 2025

With Vakteye
6 months · Nov 2025 → today

  • < 24h from finding to signed alert
  • 21 signed weeks in a row
  • 0 open findings now
  • 24/7 continuous monitoring

Every week, a signed report from a compliance analyst. Ready before IMY asks.

[Figure: The evidence · 12 months. Weekly timeline from Apr 2025 to Apr 2026; red marks findings, green marks evidence. Legend: active findings, under review, compliant and signed, not monitored. Markers: Vakteye onboarded 3 Nov 2025; NIS2 / Cybersäkerhetslagen in force 15 Jan 2026 (Vakteye-ready since day 1, 0 open findings). Before: 9 findings. With: 0 open.]

Active findings · nobody knew
Week 28 · 07 Jul – 13 Jul 2025
2 findings active for 7 days without an internal alert.

Legal provisions triggered: T1 · 4% / 20M EUR · T2 · 2% / 10M EUR
GDPR Art. 5 · GDPR Art. 6 · GDPR Art. 7 · GDPR Art. 32 · ePrivacy 5(3) · LEK 9 §28 · Dataskyddslagen

  • Reject button non-functional (CRITICAL)
    ePrivacy Art. 5(3) · EDPB consent guidelines
    CMP fault: "Reject all" clicks are registered as "Accept". Active all week.
    Similar IMY case: IMY-2024-Apoteket · 37 MSEK. Estimated exposure: 8–37 MSEK
  • Pre-ticked consent boxes (HIGH)
    GDPR Art. 7(2) · CJEU Planet49
    Marketing toggles pre-ticked in the CMP settings.

Three companies received 60 MSEK in IMY fines in 2024 for findings that stayed open between audits. With Vakteye, you have the answer ready before the question is asked.

Anonymised example. All finding types, statutory references and IMY supervisory decisions are real and documented.

GDPR · NIS2 · ePrivacy

What we test — every week, for you

Six layers of continuous monitoring across every Swedish and EU framework. The work your annual audit never has time for.

Policy vs Reality

Your privacy policy makes promises. Your site breaks several of them. You see exactly which ones.

GDPR Art 13

Consent That Actually Stops Tracking

We click “Reject All” for you and check whether tracking actually stops. Behavioral proof, not checkbox compliance.

ePrivacy · GDPR Art 6–7

Unsafeguarded US transfers

We map every third-country transfer and flag recipients without DPF certification or valid SCCs. Using Google Analytics without adequate Schrems II safeguards cost Tele2 SEK 12M.

Schrems II · GDPR Art 44–46

Security gaps waiting to be exploited

Active DAST scanning, security headers, TLS configuration and exposed services. SportAdmin paid SEK 6M for IT-security failures.

NIS2 · GDPR Art 32

Hidden tracking & fingerprinting

Canvas, WebGL, audio fingerprinting and session replay tools. We continuously watch the most-used fingerprinting services.

ePrivacy Art 5(3)

Evidence Trail for IMY

Time-stamped and tamper-evident reports. Every finding tied to a statute and a relevant IMY decision — material for your own compliance work.

IMY · forensic evidence

CONTINUOUS SURVEILLANCE
Regulator watch · Sweden + EU

What the regulator is watching now

Verified enforcement decisions and active investigations from IMY, CNIL and DPC — every row links to the primary source.

  • Jan 2026
    Sportadmin · IMY
    Inadequate IT security — 2.1M individuals' data leaked
    6M SEK
  • Nov 2025
    Miljödata + 200 municipalities · IMY
    Ransomware via HR vendor — 1.5M Swedes affected
    Active investigation
  • Sep 2025
    Google · CNIL
    Gmail ads + cookies without valid consent
    €325M
  • Sep 2025
    Shein · CNIL
    Cookies placed without consent, refusals ignored
    €150M

Source: IMY · CNIL · DPC — primary sources

The people behind the scanner

Your compliance experts — behind every report.

Vakteye isn't just software. Behind every signed proof package sits an analyst who answers — by email, phone, or Slack.

Sweden + EU · Response < 2h business hours

  • Anna Hellström — Lead Compliance Analyst
    Stockholm
    ePrivacy & cookie enforcement
    “The red period in the proof ledger is what we look at every week — so you don't have to.”

  • Johanna Lind — Legal Counsel
    Stockholm
    GDPR · Swedish data protection · IMY case law
    “Every finding we flag ties to a statute and a precedent. You learn what — and why it matters to IMY.”

  • Mikael Möller — Senior Security Auditor
    Göteborg
    NIS2 · Cybersäkerhetslagen
    “NIS2 isn't a document you read once. It's a continuous exercise — and we run it for you.”

  • Sofia Bergström — Head of Research
    Malmö
    EDPB · CJEU case law · tracker patterns
    “When EDPB shifts interpretation, you're already compliant — before IMY has time to react.”

Insights · Blog

What we see in the evidence ledger.

Research, IMY enforcement, and practical compliance guides — from the team building the evidence ledger.

Compliance

GDPR in Sweden: IMY Enforcement Trends 2025

How the Swedish Authority for Privacy Protection enforces GDPR and what it means for your business.

Dec 3, 2025 · 8 min
Research

CNAME cloaking and GDPR: how to find hidden trackers (with IMY-grade evidence)

How first-party subdomains bypass ad blockers via DNS delegation, why it violates GDPR transparency requirements, and how to detect and fix it on your own site.

Dec 1, 2025 · 12 min
Compliance

Swedish IMY's Cookie Guidance Explained

What the Swedish Authority requires for cookie consent and how to comply.

Nov 28, 2025 · 5 min


© 2026 Vakteye AB. All rights reserved.