Your GDPR-guide for small businesses

GDPR compliance? You may be thinking
"I know I need to do it, but let's take action tomorrow."

But GDPR is not a nice-to-have. In fact, you must comply - just as you need to pay your corporate taxes.

Chat With Us Now

or send an email to hello@konsento.io.

Have you put-off working on GDPR compliance due to a lack of time or money?

Stop worrying today. Use our handbook, templates, and software.
Become GDPR ready - here and now!!

We have help many companies become GDPR compliant!

1

Follow our GDPR guide

We have created an actionable GDPR guide that will help you save time and money.
2

Use our tools and templates

Use our tools such as our privacy notice generator, consent management system, cookie banner/widget, data subject access request portal and much more to take the hassle out of GDPR compliance.
3

Feel safe

You can now feel safe knowing that you have taken neccessary action to reach GDPR compliance.

Chat with us to kickstart your GDPR compliance

Or send us an email to sales@konsento.io
our prices

An executive summary of our GDPR-guide

Go ahead and read our executive summary for the GDPR-guide - this will give you a good introduction and an idea of what to expect.

We know how rewarding it is to run your own business — as long as you avoid the boring stuff, of course! GDPR is almost certainly one of the duller parts of running your own business, but unfortunately you can’t ignore it, just like you can’t ignore paying tax or following legislation.

The aim of this handbook is to help you and your company by offering practical guidance about what you need to do to comply with GDPR. Look at this guide as a way of kickstarting your company’s journey towards GDPR compliance.

All businesses need to comply with GDPR, the new EU General Data Protection Regulation that replaced the Swedish Personal Data Act (PUL) in May 2018. GDPR legislation applies to all EU member states, and a breach of GDPR can result in consequences ranging from a reprimand that requires action to a fine of up to 4% of your company’s turnover.

Are you still able to handle personal data?

Absolutely — you just need to have the right legal basis to for processing the personal data. In this guide, we examine precisely what these legal grounds are.

The underlying aim of GDPR is very positive—you’ve probably seen reports of personal data being used to influence elections, for example. GDPR exists to protect individuals’ fundamental rights and freedoms, and is intended to prevent the misuse of information without incurring serious consequences.

It’s unlikely that you’ll comply 100% with GDPR for a number of reasons—but what’s important is that you try your best! This guide ensures that your company will do much more to comply with GDPR than most, which is good for you and shows your customers that you take their personal integrity seriously.

What is personal data?

Personal data is any information that can be used to identify a natural, living person, directly or indirectly alongside other information. You don’t need to be a rocket scientist to work out that a great deal of information is now classified as personal data, including your name, email address, IP address and much more.

GDPR requires you to provide information about how you process personal data. This is achieved by your integrity policy and other measures. Konsento allows you to create and upload your integrity policy to your website, which can then simply be updated—without needing to involve IT professionals.

In order to determine how you process personal data you first need to create an inventory and a register of the personal data you process. We help you by providing concrete examples and a template that you can use to create your own register.

This register needs to be digital and you must be able to show this to the authorities on request.

You’re also responsible for ensuring that your sub-processors (think customer relationship management (CRM) systems etc.) comply with GDPR, which means that you need to produce a Data Processing Addendum. We provide you with complete texts that you can use to obtain the right information from your sub-processors.

Stricter consent requirements

You’ve probably seen the consent boxes that you’re required to tick on many websites. These are used to obtain your consent to processing your personal data. But did you know that GDPR specifically bans pre-ticked opt-in boxes?

If you use consent as the legal basis for processing personal data, you need to be able to show when the consent was given, and what information you provided to the individual giving their consent. Does your website do this at the moment?

Konsento provides you with an advanced consent management system and suggestions about how to minimise the number of irritating pop-ups on your website.

Rights of individuals

GDPR provides all EU citizens with additional rights that we’ll be covering in more detail in this guide. A key feature is that individuals can exercise their rights, and that you have one calendar month to respond.

The Personal Data Act allowed you to levy a small service charge, but this is no longer possible under GDPR unless an individual makes multiple requests for the same information. So how will you keep track of these requests so that you know if you can charge a fee or not?

Konsento provides you with an easy-to-use form that individuals can use to enter their information and exercise their rights. You also get an accessible case management system that allows you to keep track of information requests and ensure that no cases fall between the cracks.

This guide is based on information from the Swedish Data Protection Authority’s website and the Information Commissioner's Office website, as well as our own experience of helping companies and organizations get started with GDPR compliance.

All companies process personal data a little differently, which means that following this guide doesn’t necessarily mean 100% compliance with GDPR. If you feel that you need further expert advice in any area, we recommend that you contact an independent legal advisor specializing in GDPR.

Following this guide will clarify specific areas that you might need help with, which means that a legal advisor will be able to help you much more quickly (which probably significantly reduces the cost).

What are your waiting for?

Or send us an email to sales@konsento.io
Prices start as low as €49/month view pricing

Made in Stockholm

Our Blog

Privacy Notice

Why should I read this notice?

This notice explains how we at Konsento collect, use and protect your information. You should read it if you are, or want to become a customer.

What information do you collect about me?

Customers: When you sign up for Konsento, we collect your e-mail address and password and organisation name. With your consent, we will use cookies and similar technologies to collect information about your browser and your IP-address. You can find more information about that in the section about cookies below.

Customers: You are responsible for handling information about your data that you enter into Konsento. When you pay for your Konsento subscription, your payment information is collected directly by one of our payment service providers, (Stripe) [https://stripe.com] or (GoCardless)[https://gocardless.com]. We do not have access to your payment information.

How will you use my information?

We use your information to give you access to the Konsento platform and to send you e-mails about changes or technical issues that may affect platform performance. With your consent:

We use the information collected by cookies and similar technologies to analyze how you use our platform with the aim to improve our technical support by resolving technical issues faster and more effectively.
We e-mail you information about the Konsento service, such as notifying you about new or improved features.
We send you reminders, for example when you have not used the service a while.

How long do you keep my information?

Admins: We erase information about how you use our platform on an ongoing basis. We keep this information no longer than 3 years.
Admins: We will erase your information immediately after you cancel your Konsento account.

With whom do you share my information?

Technical service providers
The Konsento platform is built on top of several cloud services. We have to share your information with those services to make Konsento work. These services include:

Heroku: The heart of Konsento. Most of your information is processed here.
Papertrail: Collects logs, for example system and web logs.
Amazon: Cloud storage. Stores all files that admins upload to Konsento.
RedisLabs: Improves system performance by caching popular information.
Mailgun: Our e-mail provider. Delivers all e-mails sent from the Konsento platform or its users.
Intercom: Real-time chat for support and customer onboarding.

Marketing service providers

With your consent, we share some of your information, mostly usage data that contains as little information as possible about you, with the following marketing services:

Google: We use Google Analytics to collect usage statistics for our website. We share your IP-address and device fingerprint.
Facebook: We share information about the fact that you are using our website. Facebook uses that information to show you ads. You can hide these ads by changing your Facebook settings
Mixpanel: A tool to analyze your usage data. We use it to improve Konsento and to send you automated messages related to Konsento, for example a welcome e-mail that explains how the Konsento interface works.

Where do you keep my information?

We keep your information at one of Amazons’s datacenters near your location. If you are a member of an organization within the EU, your data will reside in one of Amazons’s datacenters in the European Economic Area. For technical reasons, we may transfer your data to countries outside the European Economic Area. When this is the case, we use appropriate safeguards, namely the European Commission’s standard contractual clauses and Privacy Shield.

What about cookies?

Cookies are small text files that websites store in your web browser when you visit them. Our website uses cookies for verifying your identity and remembering your preferences and settings. The table below explains the cookies we use and why.

Domain	Name	Purpose
.konsento.io	mp_mixpanel__c mp_*_mixpanel	These Mixpanel cookies (1) track the conversion from registered to logged in user, (2) collect information about how our users use Konsento, (3) and trigger automated engagement e-mails to users. mp_mixpanel__c expires after 1 day mp_*_mixpanel expires after 1 year
.facebook.com	fr	Collects data for displaying ads on Facebook. This cookie expires after 3 months.
.konsento.io	_drip_client_*	DripClient cookie. This cookie is tied to Drip.co, which is our newsletter e-mail service. This cookie expires after 2 years
api-iam.intercom.io	_mkra_ctxt intercom-id-jvziqjut	Two Intercom cookie that provide our real-time chat and collect information about the usage of the Konsento system to improve customer support. _mkra_ctxt expires after the session intercom-id-jvziqjut expires after 20 years

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Which rights do I have?

Access: You can request a copy of the information that we hold about you.
Correction: We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Erasure: You can demand that we erase your information. We are not allowed to erase information about you that the law requires us to keep.
Data portability: You can ask us to transfer your information from our IT environment to another, either to another company’s or your own. This does not apply to information about you that the law requires us to keep.
Withdrawing consent: You can withdraw your consent for sharing your usage data or receiving marketing information at any time. You can do that by sending an e-mail to privacy@konsento.io.
Complaints: You can lodge a complaint with us or your local data protection authority at any time.

How can I exercise my rights?

Individual: If you would like to exercise any of the above rights, please contact your organization. Since your organization is responsible for your information, Konsento needs to have the permission of your organization to help you exercise your rights.
Admins: If you would like to exercise any of the above rights, please email or write to us at the following address: privacy@konsento.io. If you would like to lodge a complaint with your local data protection authority, please contact the authority directly.

Changes to this policy

We keep our privacy policy under regular review and we will place any updates on this webpage. This privacy policy was last updated on 2018-02-22.

How to contact us

We employ a Data Protection Officer who is responsible for all data protection issues inside Konsento. If you have any questions about this policy, how we use your information, or your data privacy rights, please contact our Data Protection Officer. You can do that under the following address:

Data Protection Officer
Great Minds Studio AB
c/o SUP 46, Regeringsgatan 65, 3f
111 56 Stockholm, Sweden
E-mail:privacy@ konsento.io