Ensure that your company’s, your organisation’s or your association’s management and processing of personal data is in accordance with the new data protection regulation, GDPR.

 


FAQ

  • What is GDPR?

  • Which companies are affected by GDPR?

  • What is the purpose of the new data protection regulation, GDPR?

    • Meet technological changes
    • Enhance the privacy and integrity of the individual, and improve the protection and availability of an individual’s personal data
    • Place focus on the archiving/erasure of data
    • Impose requirements on clearer consent from all persons
    • Ensure free movement of personal data within the EU

    Read more at the site of the Swedish Data Protection Authority, the supervisory authority in Sweden, and at FAR for their clear recommendations.

  • What is meant by personal data?

    According to the Swedish Personal Data Act, personal data refers to all types of information which can directly or indirectly be related to a living natural person. Images (photos) and audio recordings of individuals that are processed in a computer may also be classified as personal data, even if no names are mentioned. Encrypted data and different types of electronic identities, for example IP addresses, are classified as personal data if they can be connected to natural persons.

    Source: The Swedish Data Protection Authority

     

  • Who is the personal data controller?

    The personal data controller (or simply “controller”) is normally the legal person (for example a limited company, foundation or association) or the authority that processes personal data within its operations and determines what data is to be processed and for what purposes the data is to be used.

    For example, if a limited company maintains a customer register, the company is the controller in relation to the processing of the personal data contained in the register. It is the company that has decided that a customer register shall be established and the purposes for which such a register shall be maintained, and the company is thus responsible (the “controller”) for the personal data contained in the register. The fact that an employee within the company has decided that a customer register shall be established can never mean that the employee (person) in question is the controller for the personal data in the register. Nor can a person who is the Systems Manager within a company or an authority be deemed to be the personal data controller.

    If several legal persons decide over a certain processing of personal data, they can jointly be the controller in relation to such data. The same applies to databases used jointly by authorities (unless something to the contrary is stipulated by law or regulation).

    On the other hand, a person who processes personal data on his own behalf (outside the scope of any employment relationship) is himself the personal data controller for such processing. Sole traders represent one example of persons who themselves can be the personal data controllers for the processing of personal data. A business that is run on a sole trader basis is not a separate legal person, and the sole trader is personally responsible for ensuring that personal data is processed in accordance with the Swedish Personal Data Act.

    The role of personal data controller in a municipality normally rests with the municipal boards that are so independent that they are administrative authorities. A municipal board that is an administrative authority is thus the controller in relation to the processing of personal data that is carried out by the board.

    The identity of the personal data controller for a certain type of processing can also be specifically stipulated by law or ordinance, for example in special register laws.

    Source: The Swedish Data Protection Authority

     

  • What constitutes personal data processing?

    All forms of operation involving personal data constitute personal data processing, for example collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    Source: The Swedish Data Protection Authority

     

  • Why an EU regulation, and how does it compare to national law?

    A regulation is a type of binding EU act that can be adopted by the European Union’s institutions. Regulations represent the most forceful type of EU act and are used to introduce uniform and directly applicable provisions within the EU. Regulations have general validity and are binding in their entirety and are directly applicable in all member states. They can be invoked in a national court of law just like a national law, without any requirements on a member state to have undertaken any implementation measures. The main purpose of a regulation is to determine uniform provisions. All regulations must have legal grounds in the EU’s treaty. Regulations that are adopted in accordance with a legislative procedure represent legislation. If the European constitution had come into effect, the term “regulation” would have been replaced with “European law”.

  • What is Vitaprivata GDPR certification?

    Vitaprivata GDPR certification is a tool designed to manage and facilitate compliance with the new data protection regulation, GDPR.

    GDPR certification can be used by companies, associations, organisations and authorities.

    GDPR certification provides the opportunity to structure the company’s personal data in a clear manner that allows for a good overview. It is possible to include an unlimited number of categories of personal data in one account. It is also possible to document personal data processors (“processors”) and assignments. The tool provides a good overview of the management and processing of personal data and is an excellent aid when it comes to organising processor agreements, producing personal data breach reports for individuals and for the supervisory authority, and producing documentation to facilitate communication in accordance with the duty of information to your data subjects. Furthermore, GDPR certification has a menu full of functions when it comes to technical security measures and how to work with these.

     

  • How much does it cost, and how do I pay?

    When you create an account under My Pages and commence the business’ GDPR process, you pay a subscription fee of €22 per month as well as the one-off start-up fee of €399. This gives you access to the business’ account at My Pages during the subscription period, for which you are charged SEK 225 each month (initial period of at least three months). In this way you can continuously update your documents under My Pages.

    You can choose to pay the start-up fee and the first month’s subscription fee by way of invoice via Vitaprivata or through a credit/debit card company.

    Quarterly invoices apply if you choose the invoice alternative, in other words you will be required to pay for three months at once.

    There is no minimum commitment period in terms of how long you must have an active GDPR account (other than the standard notice period of three months), but we strongly recommend that you subscribe to the service so that you can update your GDPR account on an ongoing basis.

    As mentioned, a notice period of three months applies for cancellation of the subscription, which means that you must pay for a further three months after you notify us of your intention to cancel your subscription. Naturally you continue to have access to your account throughout the entire notice period. If, after cancelling your subscription, you subsequently realise that you need your GDPR account again, you will have to go through the whole process again, including payment of a new start-up fee.

  • Where is the data stored that is entered into the online tool?

    Your data is stored on servers that are owned by Vitaprivata AB in Gothenburg.

  • We manage personal data that is sent to a third country and/or personal data of a sensitive nature, and/or we use camera surveillance. What should we do?

    We can help you with all these issues via our extra services. Certain issues can be addressed directly at Vitaprivata, while others need to be managed via an external consulting firm.

Vitaprivata AB, Box 14001, SE-400 20 Gothenburg, Sweden.
Phone +46 760 45 82 72
E-mail info(at)vitaprivata.org

Org. nr. 559141-8834

Copyright 2018

V. 3.1
