GDPR – the new EU General Data Protection Regulation – how does it affect us?

At Paloma, we are working intensively to ensure that our business complies with the EU's new General Data Protection Regulation, which enters into force on 25 May 2018. We get a lot of questions from our customers about what the new regulation entails, what we’re doing, what you need to do, and who is responsible for what. We have sorted it all out below.

Note: It is important to keep in mind that there is not yet a common practice regarding GDPR, as the regulation is new and will not enter into force until May. Thus, we can only provide general information on what the regulation entails.

 

What is GDPR?

Answer: GDPR refers to the General Data Protection Regulation, a new EU regulation that will enter into force on 25 May 2018. The new regulation (in Swedish called “Allmänna dataskyddsförordningen”) replaces PUL, the Swedish Personal Data Act.

 

To whom does the regulation apply?

Answer: All organisations, industries, and businesses that store, or in any way manage, personal information about their employees or customers. The regulation also applies to small business owners with a simpler website, blog, and/or that send newsletters to a group of people, regardless of the number of recipients. It is important to remember that GDPR not only applies online or digitally but to all forms of personal data collection.

 

What does the regulation mean, in broad terms?

  • Enhanced protection for the individual with respect to his or her personal data.
  • Significantly stricter requirements on personal data management.
  • Requirements for new procedures and processes for the management of personal data registries.
  • That those who use or collect personal data in any way must obtain proper consent from the individual subject.
  • That the individual may withdraw his or her consent at any time.
  • That information is included about why personal data are collected, if such collection is necessary, and what they will be used for.
  • That every individual has the right to be forgotten; that is, to have his or her data deleted from a company's registry.
  • That every individual has the right to have his or her data corrected and moved.
  • That every individual has much greater insight into the management and storage of his or her personal data. This means that the individual has the right to receive information on what data each company has on him or her at all times.
  • That it becomes illegal to collect personal data and sell them to third parties.

 

What is defined as personal data?

All kinds of information that can, directly or indirectly, be attributed and linked to an identified or identifiable living, physical person: names, images, e-mail addresses, telephone numbers, IP addresses, DNA, residential addresses, etc.

 

Why is the new regulation being introduced?

Today, large amounts of data on all individuals are collected constantly, for example when using digital tools and services, or moving through the digital world. The EU therefore wants to ensure a high level of protection for each citizen, adapted to the rapid technological development. The EU also wants to safeguard citizens’ integrity protection under the European Convention, which states that “everyone is entitled to respect for their privacy”.

 

How can each company, organisation, and industry prepare?

Each company and organisation must comply with the General Data Protection Regulation, which, in most cases, involves major transitions. The time has come to review current personal data management and create processes, procedures, and quality assurance systems in order to meet the requirements of the new regulation.

 

How is Paloma preparing?

We are reviewing the current personal data management, creating processes, procedures, and quality assurance systems in order to meet the requirements of the new regulation. We are also working hard with the development and changes required to enable our customers to properly apply the GDPR. 

An example of the above is that we are building different IT solutions linked to Magnet and Postman in order to facilitate customer compliance with the GDPR. Our intention is to make our web-based tools GDPR-compliant.

 

What do you, as a customer, need to do?

Here are some tips:

  • Make sure everyone in your organisation is familiar with the GDPR and what it means in general.
  • Review what personal data your company handles and stores.
  • Review what personal data your company currently collects.
  • Make sure you have a summary of why you have the personal data stored and in what way. Be transparent!
  • Promptly delete all unnecessary personal data as well as mailing lists that you do not use.
  • Report any breach or risk of data ending up in the wrong hands to the Swedish Data Protection Authority within 72 hours, and establish a protocol for how to go about it.
  • Make sure you have someone in charge of handling matters of the right to be forgotten.
  • Make sure you can prove that you have obtained consent from your newsletter recipients. Otherwise, you have to send out a specific request to obtain it.
  • Evaluate whether there is legitimate interest for sending out, for example, a newsletter to someone, or if you need to recreate your e-mail address list and obtain active consent.
  • Find out what consent means. The recipient/customer always has the right to withdraw his or her consent.
  • Specify what you are requesting consent for.
  • Note: Did you forget to add an unsubscription link to your newsletter? Do it today!

 

Data Controller – what does it mean?

Those of you who collect personal data are called data controllers. You are responsible for the following:

  • Understanding that personal data is a person's right. That is, you do not own it, neither as a company nor as an organisation. The private individual does.
  • Respecting “Privacy by Default”. Do not collect data that you do not need.
  • As data controller, you determine the purposes and application of the principles.
  • Adhering to the principle that silence is not considered consent. Neither are pre-checked boxes and/or inactivity.

 

Data Processor – what does it mean?

We – Paloma AB and Magnet AB – are so-called data processors. This means that we are a party that processes personal data on behalf of the data controller. The data controller and data processor must establish a so-called data processing agreement. According to the General Data Protection Regulation, the agreement must include:

  • processes in the event of a data breach.
  • processes for reporting any data breach to the Swedish Data Protection Authority.
  • information that we, as data processor, have the highest security on our servers.
  • documentation of what personal data we store, how we store them, and why we store them.

 

What exactly is defined as collection of personal data...?

This is an important question to look into. Search the web and review your business. You can, for example, start by reviewing how names and e-mail addresses are stored on your server, on your website. And once you know what information you collect, you need to be able to answer why you do it!

 

How is consent formulated in the regulation?

“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” Pre-checked boxes and similar solutions are no longer permitted.

 

What if a customer’s consent serves a variety of purposes? How does it work then?

In that case, consent should be given by the customer for all purposes.

If, for example, you send out a regular newsletter on the topic of running and have collected e-mail addresses in connection with this, and then want to write another newsletter on the topic of makeup, you need to obtain new consent. The people on your mailing list have not consented to subscribing to news about makeup.

Therefore, make sure to make clear what the customer consents to. Also make sure to clarify what the customer has consented to in the confirmation e-mail.

 

How will the regulation affect companies’ use of social media, such as Facebook, YouTube, Instagram, LinkedIn, etc.?

Companies are responsible for both their own and other users’ publication on social media. However, responsibility is affected by, for example, the ability to delete user publications or disable features, such as commentary, etc. A number of other measures in the area of social media will also be required. If you and your business are active in social media and have many followers, you can find more information about the issue online.


Event planning & management made easy

Yes, this is it. Here is the ultimate event planning and management tool, serving you with structure and sharp functions while being easy to use. Manage your event at every step of the way using the Magnet event management tool online.

Online event planner – for any event

Use Magnet as your online event planner whether you are a professional event planner, planning business events from time to time, or setting out to create a meet up free of charge.

If you want to send out invitations and set up an event registration page for a free event, you can use Magnet event planning tool for free. If you aim to sell tickets, you will find a highly flexible ticket sales system within the tool, and a range of payment solutions to connect with.

Allowing you to manage events in every detail

To promote and manage your event and ticket sales you will have a strong line up of smart functions behind you.
This will save you time when getting as many attendees as possible to your event.

Manage everything from printing name tags to communicating important updates by SMS and checking in the guests at arrival.
All using the same software.

When the event is over, you will also have access to relevant data, such as metrics. And the opportunity to easily follow up on the experience of your attending guests.

Different types of tickets

Provide Early Bird tickets, discounts and discount codes on one or more tickets. Set timed tickets, add products to your ticket such as admission along with a T-shirt.
Offer a waiting list when fully booked.

Check in app

Using the check-in app at the entrance, you will also keep track of which and how many guests have arrived.

Select payment method

Choose which payment method to use for each event, and set a preferred method if you have a first option.
Visa and Mastercard, Payex, Payson, Billogram, Invoicing, Economy.

Different VAT rates

Admin interface for sales, revenues and VAT, receipts, reports.

Distribute, market, and sell more tickets

Create your own event page with individual event URL, retrieve automatic map, add videos or pictures, embed on website.
Send invites, share on social media, send SMS.

Follow up on sales statistics and orders

Are there any tickets left for sale? Have a closer look at the orders, number of attendees and checked in attendees.

Tracking

Facebook pixel and LinkedIn.

Time to create an event?

Let’s try it out; sign up for free and start exploring. Once you’ve created an account you will have access to our help center with FAQs and guides.

Go create your first event.

At the centre of event & digital marketing – blog & newsletter

Get in tune and keep up to date with events and digital marketing. You will find good advice, checklists and relevant reads featured in both our blog and newsletter (sign up below). If there is anything in particular you would like us to cover, please feel free to make a request.