GDPR replaces the Swedish Personal Data Act (PUL) – ensure that your procedures are in line with the new regulation, today!
On the 25th of May 2018 the EU introduces a new law that will bring stricter restrictions on the administration of personal information. The new law requires companies that manage any type of personal data to assess how that data is being managed and to make the changes necessary to meet the requirements of the new regulation.
We always develop Jeeves ERP in line with current security measures and, as a result, the system already includes features that support GDPR. We therefore recommend that all customers assess their processes regarding personal information with Jeeves ERP. If you require assistance from a Jeeves representative, feel free to contact us.
What is GDPR?
On the 25th of May 2018 the EU introduces the new law on data protection management, the General Data Protection Regulation (GDPR), which will mean stricter restrictions on the administration of personal information. GDPR replaces the Swedish Personal Data Act (PUL) and affects all companies that collect, process, store and distribute data that can, in one way or another, be tied to an individual, whether the data is structured or unstructured (e.g. e-mail). The difference between PUL and GDPR can briefly be described as follows: companies no longer have the right to own personal information but now only borrow it, and companies must show what information they use and how they use it.
The new regulation requires that an individual must give consent to companies for them to store his or her personal data, unless there is a legal requirement to obtain and store personal information (e.g. in health care, legal proceedings, or according to the Accounting Act). The individual may at any time revoke his or her consent, request modification or removal, and require printout statements of their personal information from the system. The consent applies only for the specified purposes. Administration of the information beyond that requires new consent.
If the regulation is not correctly met, regulators can impose heavy fines on organizations (up to EUR 20 million, or 4% of net sales), as well as damages to victims. We therefore recommend that each company appoint a controller who is responsible for ensuring that the organization is compliant with the regulation, and who is responsible for data protection (as data breaches must be reported to the regulatory authority). Controllers should also know what type of personal data the company holds and for what purpose.
The data protection regulation applies only to natural persons, not legal persons, where data processing is carried out within the EU. It also applies to non-EU businesses operating within the EU.
Who is affected?
Jeeves customers are affected differently by GDPR. We recommend that you identify what legal changes you must make to meet the requirements.
Once you have identified your legal obligations, the controller at each company can, together with Jeeves’ Services organization, discuss how best to set up your Jeeves ERP system so that you can remain GDPR compliant.
Where can I get more information?
Contact us at firstname.lastname@example.org to get the Jeeves and GDPR whitepaper, in which you can read more about Jeeves ERP and the new data protection regulation.