Handling of personal data
On the 25th of May 2018, the new EU data protection regulation, GDPR (General Data Protection Regulation), became active. This is a new EU regulation aimed at strengthening the protection of individuals when their personal data is processed. When it became active, it replaced the 1995 Data Protection Directive, as well as all member states’ current national regulations; in Sweden’s case, PUL, the Personal Data Act.
GDPR places new demands on all companies, authorities and organizations that collect and manage personal data. Simply put, you could say that the GDPR concretizes the rules about protection of personal data, and clarifies responsibility for data being processed and stored. It is important that you, who store or otherwise process personal data, understand at least the basics of GDPR.
Here you can find information about GDPR and what it means:
- The Swedish Authority for Privacy Protection
- EU GDPR
- EU Commission
To consider when processing personal data in our services
First of all, it’s important to fully understand what actually classifies as personal data. If you know that you process personal data in one way or another, there is much to think about.
Some tips we can provide regarding personal data processing related to our services are:
- Do not process personal information you do not need (regardless of consent) and, if possible, refrain entirely from processing “extra sensitive” data.
- Make sure that all processing and collection of personal data is done on a legal basis.
- Make sure you monitor your responsibilities as a personal data controller.
- Use encrypted protocols for e.g. your web, mail and file transfers.
- Keep the applications where data is processed secure and constantly updated, and limit access to data as much as possible.
Smartsign’s role as a “controller”
We (Smartsign AB, Org.nr. 556539-2353) act as a personal data controller (controller) for you as a customer and for the information that you provide when registering in our services. This means that we undertake the responsibility of controller under GDPR regarding the processing of your personal data. Our customers may, in turn, be responsible for information they collect and store in our services, and our role will then be that of a personal data processor to our customers.
Smartsign’s role as a “processor”
For those who choose to store personal data in our services, we act as a personal data processor (processor). This is primarily important for you as a customer to keep track of: as personal data controller, you need to make sure you have a data processing agreement. Together with our legal partners, we have put together a data protection agreement (DPA) that applies to all our customers. This, together with Appendix 1 (“Personal Data Handling”), our General Terms and Conditions, and our Data protection policy, is the information that you should look at when considering us as a processor.
Other
Other important information about how we work with GDPR, both as processor and controller, can be found in our Data protection policy and our attachment to the Data Processing Agreement, which describes how we process personal data as a processor. We understand that many people have questions and concerns about GDPR, but unfortunately we do not have the opportunity to answer questions and concerns about how to work with this outside the scope of our own services and customers, based on the information we have published here. For other questions, please refer to https://www.datainspektionen.se/in-english/ which has very good information and guides for working with GDPR.