Our system and GDPR

This is a summary of questions related to GDPR, for systems in which AddMobile is the supplier and so-called Personal Data Processor for the user company. We also report measures that AddMobile is working on to facilitate the user company’s responsibility as Personal Data Controller.

What is GDPR?

On 25 May 2018, the General Data Protection Regulation (GDPR), a regulation for EU countries (plus Norway, Iceland and Liechtenstein) replaced the Swedish Personal Data Act (PUL). Its purpose is to create a uniform and harmonised level for the protection of personal data so that the free movement of personal data within the EU/EES is not hindered.

The purpose – to protect the privacy of individuals

The purpose of GDPR is to strengthen the protections for private individuals’ privacy relating to data processing of personal information, that is, all conceivable information applying to a particular individual (address, telephone number, gender, social security number, personal preferences, purchasing history and so on). The law gives the individual the right to greater transparency and the opportunity to influence how their information is processed. A basic principle of the law is that personal data may not be processed more than necessary for the stated purpose, with limits on the processing, such as the amount of data, how long it is saved, etc.

What applies to you as a company and a Personal Data Controller?

Personal information is handled by most businesses. It can, for example, be information about a company’s own employees or contacts at clients or suppliers. As a company, you are responsible for ensuring that the collection and handling of personal information is done in the correct way as well communicating what you do, which mainly concerns routines and understanding among employees and users of the system. As a company, you are a Personal Data Controller, and must keep track of what data you process, to what ends and more. Technical and organisational data security – the protection of data against unauthorised access, destruction or altering – is also important. The penalty for not following regulations can amount to up to 20 million euros or 4% of yearly turnover.

As companies and Personal Data Controllers, what do you need to do?

As companies, you must, for each system you use (Excel, Word, websites, etc.), report what personal data you process (such as store data) and for what purpose. As long as the information has a legal basis, your purpose is according to the law and you only use the information for your stated purposes, you have the right to process it. Besides informing affected people about what kinds of information you handle and for what purposes, you need to be able to inform an individual about what information you have about them. You also need to have routines for properly removing information from your system which no longer serves its purpose. As Personal Data Controllers, you must establish a Personal Data Assistant Agreement (PuB agreement) with the suppliers that process personal data for your company, including AddMobile. Many companies must also appoint and report who the Data Protection Officer – the individual responsible for information about your personal information – is. Please note that a Data Protection Officer is not responsible for compliance with the law. They are an internal resource and contact person in matters of personal data.

What does AddMobile do?

We have also created a Personal Data Assistance Agreement, which can easily be established between you and AddMobile. It is obligatory to draw up such an agreement and it has been sent to you for approval. We also request certain information that we are required to register. If we do not receive these mandatory agreements and information, we may ultimately be forced to terminate the services you use. It is therefore very important, both for you and for us, to make sure you respond.

The systems have routines for reporting, deleting and anonymising personal data to enable you to manage your obligations as a company responsible for personal data.

When it comes to data security, we can take care of protection at our end, using secure technical solutions. As customers, you should make sure you are using the latest versions of our systems. It is equally important that you set up and use the systems correctly, ensuring that each person has access to the right information for their work tasks and that no unauthorised persons have access to that information.

If you have any GDPR-related questions concerning AddMobile’s system, feel free to contact us at gdpr@addmobile.se.

Recommended links with more information on GDPR

The Swedish Data Inspection Authority in English:

Verksamt.se GDPR guide, providing step-by-step information on how businesses can keep track of how they are doing in terms of GDPR:

Want to know more?

Give us a call and we’ll discuss your needs, digitalisation or whatever you like.

+46 40-66 33 100

I want AddMobile to contact me