A practical GDPR guide

There has been a lot of talk about GDPR in recent years, but what does it really mean in practice? Here we provide you with information about what you as a customer of Increo can expect from us as data processors, as well as what your company needs to consider

Luca Ratiu
Operations

New privacy policy to come into force 25.05.2018

GDPR stands for General Data Protection Regulation, and is a regulation from the European Union, which now also becomes law in Norway. This means that we will have a new privacy policy that will come into force on 25.05.2018. The new regulations give businesses new responsibilities when it comes to handling personal data, while individuals are given new rights. The intention of GDPR is to make the internet safer and better for most people, and this is something we at Increo take very seriously.

Although the new rules are a continuation of current legislation, new procedures need to be in place in all businesses and everyone in the organization must know and follow the new rules.

Increo has a dual role when it comes to privacy

We are responsible for all data we collect in connection with customer agreements, marketing communications and the like. We have a responsibility to our customers when it comes to guidance and advice in connection with GDPR. We will ensure that our customers are best equipped to deal with the new rules, as well as help them build a data collection solution that safeguards privacy. In addition, we are responsible for advising that the customer's instructions do not conflict with GDPR or other privacy rules. As a partner and data processor of personal data on behalf of our customers, Increo also has a partial responsibility to ensure that the rules are followed.

According to the GDPR, the customer must do his due diligence with respect to its processors, including Increo. The main person responsible for the processing of personal data remains the customer. It is not our responsibility to make sure the customer is doing their part. We can offer guidance/advice, but it is the clients who have the final say and are legally responsible for their decisions. Our duties are followed by a Data Processing Agreement, which is part of our Service Level Agreement.

Your Rights as a Private Person

The new rules mean that you have the right to greater visibility into what personal data is stored about you at an organisation. You also have the right to request that your personal information be deleted, and you are allowed to take your personal data with you to another business, to name a few. This places high demands on the companies when it comes to systematizing personal data in various databases.

Five GDPR Adjustments Every Business Must Make

  1. Identify what personal data they actually need to store. Only information that is needed and for which consent has been obtained shall be collected.
  2. Map out what personal data they already have stored and organize the necessary data in an orderly manner. Personal data shall be deleted when it is no longer necessary for the purpose for which it was collected.
  3. Collect and create rules for the automatic handling of personal data in line with the requirements, in order to avoid excessive manual handling.
  4. Communicate clearly and clearly to their users when it comes to privacy. You can do this by producing an easily understandable privacy statement on the website. You also need to clearly explain why, and for how long, personal data is stored, as well as clarify what data is stored at any given time, based on what actions users perform. Provide clear information about how a person who has their data recorded can request changes to the recorded data, delete the data and obtain information about what data is collected. Here you will find our privacy policy.
  5. Control how you request consent from users, how this is stored and documented. If the consent process does not meet the GDPR standard, it must be updated.

Do you want more information about GDPR? We are happy to help you analyze your website to find out what you can do to manage the GDPR rules in the best possible way, for both your business and your users. Do not hesitate to contact us!

No items found.
No items found.

What can we help you with?

Morten M Wikstrøm
Morten M Wikstrøm
CEO, Consulting
Trondheim
morten@increo.no
/
976 90 017

See also:

Keep up to date with our newsletter