Have you put off working on GDPR compliance due to a lack of time or money?
Stop worrying today. Use our handbook, templates, and software.
Become GDPR ready - here and now!!
Follow our GDPR guide
We have created an actionable GDPR guide that will help you save time and money.
Use our tools and templates
Use our tools such as our privacy notice generator, consent management system, cookie banner/widget, data subject access request portal and much more to take the hassle out of GDPR compliance.
You can now feel safe knowing that you have taken the necessary action to reach GDPR compliance.
An executive summary of our GDPR guide
Go ahead and read our executive summary of the GDPR guide. It will give you a good introduction and an idea of what to expect.
We know how rewarding it is to run your own business — as long as you avoid the boring stuff, of course! GDPR is almost certainly one of the duller parts of running your own business, but unfortunately you can’t ignore it, just like you can’t ignore paying tax or following legislation.
The aim of this handbook is to help you and your company by offering practical guidance about what you need to do to comply with GDPR. Look at this guide as a way of kickstarting your company’s journey towards GDPR compliance.
All businesses need to comply with GDPR, the new EU General Data Protection Regulation that replaced the Swedish Personal Data Act (PUL) in May 2018. GDPR legislation applies to all EU member states, and a breach of GDPR can result in consequences ranging from a reprimand that requires action to a fine of up to 4% of your company’s turnover.
Are you still able to handle personal data?
Absolutely — you just need to have the right legal basis for processing the personal data. In this guide, we examine precisely what these legal grounds are.
The underlying aim of GDPR is very positive—you’ve probably seen reports of personal data being used to influence elections, for example. GDPR exists to protect individuals’ fundamental rights and freedoms, and is intended to ensure that information cannot be misused without serious consequences.
It’s unlikely that you’ll comply 100% with GDPR for a number of reasons—but what’s important is that you try your best! This guide ensures that your company will do much more to comply with GDPR than most, which is good for you and shows your customers that you take their personal integrity seriously.
What is personal data?
Personal data is any information that can be used to identify a natural, living person, directly or indirectly alongside other information. You don’t need to be a rocket scientist to work out that a great deal of information is now classified as personal data, including your name, email address, IP address and much more.
GDPR requires you to provide information about how you process personal data. This is achieved by your integrity policy and other measures. Konsento allows you to create and upload your integrity policy to your website, which can then simply be updated—without needing to involve IT professionals.
To determine how you process personal data, you first need to create an inventory and a register of the personal data you process. We help you by providing concrete examples and a template that you can use to create your own register.
This register needs to be digital and you must be able to show this to the authorities on request.
You’re also responsible for ensuring that your sub-processors (think customer relationship management (CRM) systems etc.) comply with GDPR, which means that you need to produce a Data Processing Addendum. We provide you with complete texts that you can use to obtain the right information from your sub-processors.
Stricter consent requirements
You’ve probably seen the consent boxes that you’re required to tick on many websites. These are used to obtain your consent to processing your personal data. But did you know that GDPR specifically bans pre-ticked opt-in boxes?
If you use consent as the legal basis for processing personal data, you need to be able to show when the consent was given, and what information you provided to the individual giving their consent. Does your website do this at the moment?
Konsento provides you with an advanced consent management system and suggestions about how to minimise the number of irritating pop-ups on your website.
Rights of individuals
GDPR provides all EU citizens with additional rights that we’ll be covering in more detail in this guide. A key feature is that individuals can exercise their rights, and that you have one calendar month to respond.
The Personal Data Act allowed you to levy a small service charge, but this is no longer possible under GDPR unless an individual makes multiple requests for the same information. So how will you keep track of these requests so that you know if you can charge a fee or not?
Konsento provides you with an easy-to-use form that individuals can use to enter their information and exercise their rights. You also get an accessible case management system that allows you to keep track of information requests and ensure that no cases fall between the cracks.
This guide is based on information from the Swedish Data Protection Authority’s website and the Information Commissioner's Office website, as well as our own experience of helping companies and organizations get started with GDPR compliance.
All companies process personal data a little differently, which means that following this guide doesn’t necessarily mean 100% compliance with GDPR. If you feel that you need further expert advice in any area, we recommend that you contact an independent legal advisor specializing in GDPR.
Following this guide will clarify specific areas that you might need help with, which means that a legal advisor will be able to help you much more quickly (which probably significantly reduces the cost).