Blog
A practical GDPR guide

A practical GDPR guide

There has been a lot of talk about GDPR in recent years, but what does it really mean in practice? Here we provide you with information about what you as a customer of Increo can expect from us as data processors, as well as what your company needs to consider

Luca Ratiu
Operations
Publisert
17
.
11
.
23
Publisert
19
.
03
.
18
Sist oppdatert
20
.
12
.
23

New privacy policy to come into force 25.05.2018

GDPR stands for General Data Protection Regulation, and is a regulation from the European Union, which now also becomes law in Norway. This means that we will have a new privacy policy that will come into force on 25.05.2018. The new regulations give businesses new responsibilities when it comes to handling personal data, while individuals are given new rights. The intention of GDPR is to make the internet safer and better for most people, and this is something we at Increo take very seriously.

Although the new rules are a continuation of current legislation, new procedures need to be in place in all businesses and everyone in the organization must know and follow the new rules.

Increo has a dual role when it comes to privacy

We are responsible for all data we collect in connection with customer agreements, marketing communications and the like. We have a responsibility to our customers when it comes to guidance and advice in connection with GDPR. We will ensure that our customers are best equipped to deal with the new rules, as well as help them build a data collection solution that safeguards privacy. In addition, we are responsible for advising that the customer's instructions do not conflict with GDPR or other privacy rules. As a partner and data processor of personal data on behalf of our customers, Increo also has a partial responsibility to ensure that the rules are followed.

According to the GDPR, the customer must do his due diligence with respect to its processors, including Increo. The main person responsible for the processing of personal data remains the customer. It is not our responsibility to make sure the customer is doing their part. We can offer guidance/advice, but it is the clients who have the final say and are legally responsible for their decisions. Our duties are followed by a Data Processing Agreement, which is part of our Service Level Agreement.

Your Rights as a Private Person

The new rules mean that you have the right to greater visibility into what personal data is stored about you at an organisation. You also have the right to request that your personal information be deleted, and you are allowed to take your personal data with you to another business, to name a few. This places high demands on the companies when it comes to systematizing personal data in various databases.

Five GDPR Adjustments Every Business Must Make

  1. Identify what personal data they actually need to store. Only information that is needed and for which consent has been obtained shall be collected.
  2. Map out what personal data they already have stored and organize the necessary data in an orderly manner. Personal data shall be deleted when it is no longer necessary for the purpose for which it was collected.
  3. Collect and create rules for the automatic handling of personal data in line with the requirements, in order to avoid excessive manual handling.
  4. Communicate clearly and clearly to their users when it comes to privacy. You can do this by producing an easily understandable privacy statement on the website. You also need to clearly explain why, and for how long, personal data is stored, as well as clarify what data is stored at any given time, based on what actions users perform. Provide clear information about how a person who has their data recorded can request changes to the recorded data, delete the data and obtain information about what data is collected. Here you will find our privacy policy.
  5. Control how you request consent from users, how this is stored and documented. If the consent process does not meet the GDPR standard, it must be updated.

Do you want more information about GDPR? We are happy to help you analyze your website to find out what you can do to manage the GDPR rules in the best possible way, for both your business and your users. Do not hesitate to contact us!

Development

What can we help you with?

Morten M Wikstrøm
Morten M Wikstrøm
CEO, Consulting
Trondheim
morten@increo.no
/
976 90 017
Sebastian Krohn
Sebastian Krohn
Agency Manager, Consulting
Oslo
sebastian@increo.no
/
988 00 306

See also:

GDPR's new cookie policy: How to rig

Picture of the EU stars around a padlock

In Norway, it has been common for a broad interpretation of the GDPR's “cookie clause”. Now it's over. Are you absolutely sure you're not breaking the law? Here are the new guidelines -- and how to best follow them.

Data Protection Authority advises companies to find alternative to Google Analytics

Close-up of mac with analysis statistics on screen, with hands on keyboard

On Wednesday, March 1, the Danish Data Protection Agency shared an update regarding the use of Google Analytics, announcing decisions for the use of analytics tools on Norwegian websites.

Data Analytics — Simply Explained

Office desk with PC displaying graphs

If you want to do business in the new digital economy, you have to deal with data in some way. But are you harnessing its full potential? Here you will find an explanation of what data analysis is, what you can use it for — and how to proceed.

Drop the gut feeling. Make good decisions based on insight.

Smiling project manager showing something on a big screen to other people in a room

Your new web solution is up and running. So, what happens next? It can be tempting to lower your shoulders a bit and tackle other projects, but you know the better; It's now the work really starts.

What you need to know about cyber security in 2023

hands typing on a mac

New technologies, new threats and new methods: Security work is a project that never ends. But the biggest security holes are still ourselves.

Keep up to date with our newsletter