GDPR stands for General Data Protection Regulation and the purpose of the legislation is to protect personal data in the EU and give citizens more control of their data.
One set of rules for all enterprises also means more equal terms for everybody who carries on business in the EU.
The GDPR contains a number of requirements as to how enterprises are to protect and process personal data. This applies to SmartWeb, but also to our customers.
On this page, you can read more about what we do to comply with the new GDPR - and what you can do yourself.
Controller and processor
It is important to know whether you are processor or controller. Because that is of importance for what you must comply with in the regulation.
The controller is the person or organisation that decides the purpose of the data. That is you, then, as a business owner. The enterprise must be able to announce to customers how and why personal data is used and is responsible for security and the use of the personal data of the users.
The processor is the party that processes personal data on behalf of the controller. Processors are for example all third party suppliers such as us at SmartWeb, e-mail providers, ERP systems and the like.
What do we do at SmartWeb?
Helping our customers comply with statutory requirements in the field of IT security means a lot to us at SmartWeb. Helping our customers comply with statutory requirements in the field of IT security means a lot to us at SmartWeb. Therefore, we are always concerned with IT security. The GDPR has intensified our activities and resulted in new aspects and focus areas.
At SmartWeb, the GDPR work has been going on for a long time so that we can have new functions and terms ready for you before 25 May. Specifically, we are concerned with two things.
Data processing agreement
As a user of SmartWeb, you must sign a data processing agreement. We are already in the process of drawing up the data processing agreement which will reflect how SmartWeb processes the data of customers.
In other words, it is an agreement that at SmartWeb we can process and store data on your behalf and what it involves. It is important that the agreement is signed before 25 May.
The agreement will be ready during April (at the latest at the beginning of May) and when it is ready you can sign it when you log in to your SmartWeb solution.
The data processing agreement means that you can be certain that we comply with the new personal data regulation in our capacity as processor.
Dashboard in the SmartWeb administration
We would like to make it as easy for you as possible to process the personal data of your users.
Therefore, we are working on a data panel in the Smartweb administration so that you can easily set up automatic delete and/or anonymization of your customer data on orders and users.
We are also working on a better possibility of gaining customer insight and export options in relation to the personal data that is stored together on your customers.
Getting started with the GDPR
Do you still have questions as to how to get started? On these pages, you can find more information and guidelines for your own GDPR process.
The Danish Data Protection Agency
The Danish Data Protection Agency has made a number of guidelines for the new data protection regulation of which some are in English. The Agency has e.g. made an English template for a data processing agreement which helps your enterprise become ready for the new data processing regulation.
The EU has made this infographic which we find explains the GDPR in an easy and clear manner. Of course, you can find much more information on the EU’s own website if you want to find a more thorough explanation of the new rules.