How is Assently preparing for GDPR?
For many companies, the GDPR means big changes. As a SaaS provider, Assently acts as a Data Processor for its customers who are Data Controllers.
We're continually developing our services for e-signing and e-identification to make them ready for the current and new demands put on businesses processing personal data. We've identified a range of areas that we are developing:
Examples of areas:
- Data portibility
- Data minimization
- Breach reporting
- Privacy by Design and Privacy by Default
- Continually improve our security measures in our daily security work
In parallel Assently is improving the procedures for the own personal data processing.
What is the GDPR?
The General Data Protection Regulation (GDPR) is the reformed data protection legislation that succeeds the data protection directive of 1995, enacted in Sweden as The Personal Data Act (Personuppgiftslagen, PUL). The GDPR strengthens individuals rights and places new obligations on companies and others who processes personal data – Data Controllers and Data Processors.
What rules are in place today?
The Personal Data Act is applicable until the GDPR starts being applicable on May 25th 2018. Assently is a Data Processor for its customers who are the Data Controllers.
How can I who have signed an agreement using the Assently E-sign Service know more about the processing of my personal data?
You can contact the company who sent you the agreement, who is the Data Controller, and make a subject access request according to section 26 of The Personal Data Act.
Always direct your request to the company who sent you the Agreement, the Data Controller.
Read more about your rights on the Swedish Data Protection Authority's website.