The new Data Protection Regulation (GDPR) entered into force on 25 May 2018 and then replaced the Swedish Personal Data Act (PUL).
GDPR (General Data Protection Regulation) is an EU directive, which in Sweden takes concrete form in the so-called data protection regulation. With this, we have common EU legislation that regulates how personal data may be processed. It means, among other things, that companies cannot own personal data, but only borrow it for a specific purpose.
In Sweden, the Data Inspectorate is responsible for compliance with the law. In case of violation, the company can be sentenced to a fine of up to 4% of turnover. This forces companies to think about how they manage and protect personal data. Here w
Three basic rules in the company's everyday life
In the past, it has been the practice that personal data about a former customer could be used for marketing for a period of one year after the customer relationship has ended. That is no longer the case.
- However, some personal data may need to be saved so that, for example, the seller can fulfill warranty obligations. The data is then saved with a new purpose.
- When you collect personal data, you must inform the person about what data is involved and why you are collecting it. If you are going to pass the information on to others, you must disclose that too.
Do not collect more personal data than necessary – and only for a specific and predetermined purpose.
- When the personal data are no longer needed for the purpose for which they were once collected, they must be deleted. This means, for example, that information about people who are no longer customers or suppliers must be removed from the IT systems.
- Note! Other legislation may require that data be saved for a certain period of time. This may, for example, concern your accounting, pension information and control information.
Who is responsible for what in connection with cloud services?
ALL COMPANIES SHOULD HAVE A REGISTER THAT DESCRIBES HOW TO HANDLE PERSONAL DATA.
The register states who is responsible for a given register or IT system, what it is used for, what types of personal data it contains, and on what legal basis the data is handled.
New roles and concepts:
Personal data controller
The organization that collected the personal data and hires a cloud service provider is responsible for the personal data and for compliance with the law.
Personal data assistant agreement
As a rule, the personal data controller must ensure that there is a personal data assistant agreement.
Personal data assistant
The cloud service provider (e.g. SoftOne) is the personal data assistant to the personal data controller.
Data Protection Officer
The data protection officer is a natural person inside or outside the organization who can point out deficiencies (much like an internal auditor). The officer must be reported to the Data Protection Authority. Both personal data controllers and personal data assistants must appoint a data protection officer if:
- the personal data processing is carried out by an authority or a public body (but not courts in their judicial activities)
- the core business consists of personal data processing that requires large-scale, regular and systematic monitoring of the registered individuals
- the core business consists of large-scale processing of so-called sensitive personal data or criminal data.
Note! Anyone who wishes may also appoint a data protection officer in other cases.
Your SoftOne GO cloud service provides strong protection
PROTECTS AGAINST DATA BREACHES ON SERVERS
SoftOne GO runs on its own servers in Sweden that are monitored around the clock. They are housed in security-classified data centers, with firewalls, virus protection, etc. Only a few authorized persons have access to personal data. Permissions are controlled by roles with requirements for secure passwords, etc.
EASY TO MOVE PERSONAL INFORMATION
The individual’s personal information must be portable between different systems. With SoftOne GO, the information can be exported to JSON format, enabling import into other systems.
PROVIDES ACCESS TO AGGREGATED INFORMATION ABOUT INDIVIDUALS
An individual has the right to see what personal information is held. SoftOne GO easily provides an overall overview of what information about the individual is in the system. It is also easy to update personal information in the system.
DELETE AND ANONYMIZE
Possibility to delete or anonymize personal data, unless legal requirements say otherwise.
FACILITATES REPORTING IN CASE OF INCIDENTS
All processing of personal data in SoftOne GO is logged, so that you can follow whether improper access has taken place and inform the individual. This requires valid contact information for each individual.
With login to SoftOne GO via softone.online, SoftOne supports your company’s need for secure password management.