General Data Protection Regulation

What is GDPR?

On May 25, 2018, the General Data Protection Regulation, also known as GDPR, came into force. GDPR applies in all EU countries and replaces the Data Protection Directive (95/46 / EC) adopted in 1995. In Sweden, this directive has been implemented as the Personal Data Act PUL. GDPR replaces PUL.

In short, GDPR imposes stricter rules on how personal data may be collected, stored and managed. There is a requirement for transparency regarding data collection and storage. Individuals have the opportunity to demand to know what data is stored and to have the possibility to require that data be erased and / or edited in the case of incorrect information. In addition, private individuals have the right to move their data from one company to another if desired.

All this places both organizational and technical demands on companies. One should keep track of which data is stored and have routines on how data storage takes place. There is also a need for clear routines on how to provide the rights of private individuals, for example to get data about themselves.

What does eValent Group AB do?

In order to achieve the organizational requirements of the GDPR, eValent Group AB is working on developing a policy and internal routines to be addressed. An education about GDPR for all employees is planned and the e-commerce platform is adapted to be able to carry out the technical measures that GDPR places on eValent Group AB.

The technical adjustments are made on two levels.

The internal system is adapted to meet the technical requirements of the GDPR and the Nordic e-commerce e-commerce platform is adapted so that customers who have their stores at Nordic e-commerce must be able to meet the technical requirements set by GDPR

What does Nordisk e-commerce customers need to do themselves?

In addition to the technical requirements, the GDPR also sets organizational requirements in the form of having a look at what one stores and clear routines on how to deal with personal data etc. These things require Nordisk e-commerce customers themselves to take responsibility for and a good start is to inventory the existing personal data they store and evaluate where and how these data should be stored and managed in the future. When developing their corporate policy and procedures, they train their employees around GDPR and the regulations that have been drawn up.

To facilitate your work with GDPR

To facilitate your work, we have created a checklist that you can use in your GDPR work. The checklist describes places where personal data in your store can be stored, the most common legal grounds for which personal data can be stored and what you may need to do in your organization to meet GDPR requirements. In addition, the checklist describes the rights of registered persons

You can dowload the checklist here.

We have also developed a GDPR template that you can copy and use to inform your customers about GDPR. The template can be published on your website or used as e-mail mailing

You can dowload the template here

There is a hepdesk article where we describe step by step how to delete, change and anonymize personal data in the system. You can find the article here. Go to the article.

Personal Data Assistance Agreement

eValent Group AB undertakes to comply with personal data support agreements that you can download here.