Worried about GDPR? We have a checklist for you

August 24, 2017 | Guides and tips, News, Offer

In May 2018, the new general data protection regulation (GDPR) will enter into force. This might make you worried about what to do and where to start, but don’t worry, Laurita Krisciunaite from Sällberg & Co has put together a checklist that you can follow to get an overview of the work you have in front of you. So let’s get started!

The GDPR largely resembles the current personal data act, but it will also bring some changes. Even though we have had the personal data act for a long time, the management of personal data has not been ideal. This becomes quite obvious when considering that the most commonly used paragraph is called “the abuse rule”. This means that most Swedish companies, authorities and organizations now face a major change in their management of personal data.

By now you should be reviewing what actions you need to take in your organization, in order to cost-effectively and efficiently adapt your business to the new general data protection regulation. The majority of the changes that have to take place should be done before the regulation is in play (and in some cases even before additional Swedish legislation is added). Some organizations will have a lot to do, others less. For this reason, we have created a checklist that you can follow to get an overview of the work you have before you.

1. Prepare and inform the organization

A thorough analysis of the current situation is an important success factor for each GDPR customization project. Personal data management rarely belongs to the core business of a company or organization, but as it is normally done in various parts of the organization, it is simplest if the project is led by the senior executive body. The reason for this is that they have an overview of the business and can easily determine what special needs you have, what resources are available and who will take the main responsibility for the remaining work. Next, you have to make sure to inform, and to different degrees educate, the co-workers in your company.

2. Take stock and document

The next step is to review what personal data you manage in your organization. Sensitive personal data requires you to be extra meticulous in your work. Examine any personal data that adds value or is critical to your business – and that you are entitled to retain – and delete everything else. You must ensure that you are fulfilling the requirements set up in the regulation for each set of information that you wish to keep and make sure that you have a clear purpose for why the data is kept.

3. Keep your customers informed

Once you have decided what personal data you want to keep, you should inform the physical persons whose information you have stored about:

  • What rights they have
  • How you manage their data
  • Why the data is stored
  • On what legal basis you are doing this
  • How long the data will be stored

You must also inform data subjects whose personal information you received from someone else (for example, purchased customer lists), or if you start using information that you collected for another, prior purpose.

This may seem a bit overwhelming, but it is better to be on the safe side, since the penalty fees can reach up to 4 % of your annual turnover. If you start early, you will in addition be able to keep good relations with your customers by showing them that you take responsibility for their personal information.

4. Review your collaborations

You need to review collaborations you have with other parties where you share personal data. Do you have subcontractors or do you act as a subcontractor? Make sure that you have data processing agreements in place that regulate your obligations and rights (and appropriately regulate the risks since, according to GDPR, you are jointly responsible for many incidents).

5. Set up processes for the future

The regulation places high demands on organizational and technical security measures. You need to review your systems and what additional actions will be needed to ensure compliance with the regulation. Be sure to educate your staff and create processes and internal policies on how to handle personal information within your organization, ranging from how to obtain consent to how to delete personal data.

Don’t be afraid, get ahead

Initially, the regulation may seem overwhelming, but do not be afraid of it. The most important thing is to get started early and to take action. Ultimately, it will be a battle for the customer’s trust, as much of the data management in the future will be done based on consent. By doing this job early, you can win big market shares and create much closer relationships with your customers.

Want to know more? Contact Sällberg & Co!

Sällberg & Co is an entrepreneurial business law firm. At the moment, we are focusing on helping companies, authorities and organizations to adapt their business to the new general data protection regulation. We offer courses, consulting services and a proprietary IT solution. We also help you to write and review your agreements, perform gap analyses and data protection impact assessments, and much more.

Together with the IT company OMMH Scandinavia and external investors, we have developed GDPR Hero. It is a cloud-based tool that will help both small and large companies, as well as authorities, to comply with the regulation. GDPR Hero helps you to keep records of your personal data management. You also get access to checklists, standard agreements, news coverage and much more.

Do not hesitate to contact us if you want to know more or are interested in our tool and services!

laurita.krisciunaite@sallbergco.se

daniel@sallbergco.se

Phone: +46 46 273 17 17

www.sallbergco.se

www.gdprhero.se

A quick introduction to GDPR Hero

Does your company have the right insurance coverage? Use this checklist to find out

May 11, 2017 | Guides and tips, Offer

Annette Gustafsson is an Insurance Broker at AssuransSelector. They offer professionally negotiated insurance solutions, often in collaboration with London underwriters, based on global reinsurance plans that Swedish insurers usually cannot offer.

Annette Gustafsson, AssuransSelector

“I think development companies should review these three key points in terms of insurance,” Annette says. She is the company’s representative at Ideon, where she has helped many companies to limit their risks within IT, med tech, drug development and clinical studies.

1 – Budget to enforce your patents

Comment from Annette: To get a patent in ten countries costs over one million SEK. It is easy to forget that it costs about the same amount to maintain the patent for ten years. A patent process in Sweden costs SEK 3-4 million or more. In the US, it costs at least SEK 6-10 million. So when you budget for patents, remember to review whether you can afford to stop an infringement of your patent, or whether you can protect yourself if you happen to infringe someone else’s patent. Get help to negotiate the right insurance solutions that cover this as well.

2 – With IPO, risk exposure also increases

Comment from Annette: It is easy to forget that with a board assignment follows personal responsibility for the company’s commitments. We see in our work how the ownership after a stock market introduction increases from a small number of people to a large number, and thus increases the risk exposure. Do not forget to get insurance cover for the CEO and the board. Sometimes young companies find it difficult to get insurance because they cannot show enough positive financial statements, but there are opportunities for them too.

3 – We have signed an agreement, but does the insurance cover the commitments we make?

Comment from Annette: Signing agreements can be complicated in itself. But if you do not explore the risks that the agreement can entail, the consequences can be really unpleasant. Therefore, it is important that you always look over the liability insurance before signing major business deals.

We’ll guide you through the jungle

Assurans Insurance can help you negotiate the best insurance solution for your business, whether you are a startup, medium-sized or large company, whether you have customers in Skåne or globally. Our focus is always on our customers, as well as continuously offering competitive solutions for high-tech companies in new areas. Understanding our customers’ operations is a vital part of our business and a necessity for providing optimal insurance solutions. Contact Annette Gustafsson, who is at Ideon in Beta 5, to hear more about what services they can offer your company: phone +46 76 102 25 53 or by mail at annette@assuransselector.se. Find out more at http://assuransselector.se/