Sweden

Yes, in particular the GDPR, but also laws and regulations considered as lex specialis in relation to the aforementioned.
To give two examples:
• The Patient Data Act (2008:355) (Sw. patientdatalagen (2008:355)) covers requirement on limiting access to patient data (access control) to those who need access to such data in order to perform their health care related tasks.
• The brottsdatalag (2018:1177) covers the general obligation to implement appropriate technical and organizational security measures and respect the principles of privacy by design and default. The said act also covers requirements on impact assessment and prior consultation, as well as an obligation to report incidents.
In other respects, the GDPR applies.