Personal Data Controller
The Purpose of the Processing
Information should also be provided on how the personal data is processed and the purpose of the processing. For example, the processing can take place in order for the company to be able to send ordered products to the customer or to perform an ordered service. Then the company needs to process the customer’s name and contact information as well as any other personal information. In addition, it must be clear what legal basis the company uses for the processing to be legal.
Categories of Personal Data
The company must also write down the types of personal data that are processed. For example, name, address information, telephone number, account information, e-mail address, profile pictures, IP address or other personal information.
How Personal Data is Collected
The data protection policy must also contain information on how the personal data is collected. For example, it can be done by a person contacting the company, or by the company entering into an agreement with a person.
How long the Personal Data is stored
Information about how long and where the personal data is stored must also appear in the data protection policy.
Personal Pata Processors and information about where the Personal Data is stored
If the company hires one or more personal data assistants, this must be stated, and the registered persons have the right to request information about who the assistants are and where the processing takes place. For example, within Sweden, within the EU or outside the EU. If personal data is processed outside the EU / EEA, there are special requirements, rules and regulations. Here you can read more about storing personal data outside the EU.
What the company does with the Personal Data
In addition, there must be information about what the company does with the personal data. For example, that the company registers the information in its internal registers, to offer better service or to save order history.
Rights of Data Subjects
It is also important that the data subjects’ rights are stated in the data protection policy. The registered persons have, among other things, the right to have free access to their personal data which the company processes. Registered persons also have the right to correct incorrect personal data. They also have the right to request the deletion of personal data, the right to have it moved (data portability) and the right to object to the data being used for direct marketing and profiling. Registered persons are also entitled to information about any data breaches and incidents.
Complaints to the Supervisory Authority
The data protection policy must also contain information on how and to whom the data subjects can submit complaints regarding the processing of personal data and that they always have the right to contact the Supervisory Authority.
News about GDPR and reviews from supervisory authorities
In addition to this information, you can also read our GDPR summary. And also about various news about the GDPR on this website. For example, audits carried out by Supervisory Authorities and sanction fees that they distribute. By learning from mistakes from others, it is possible to avoid making similar mistakes yourself. In addition, you can find information that is important and good to know as an entrepreneur as well as guides.
Summary of the GDPR for Companies, Entrepreneurs and Businesses
There is a lot of information about the GDPR that is important for companies, entrepreneurs and businesses to know about. We have therefore written a GDPR Summary and mention various key elements. Therefore, we are able to provide an overview of the GDPR, what it means and what companies must do to comply with the EU regulation.