GDPR-Hjälpen

As soon as a company has customers, suppliers, members, or employees, it needs to comply with GDPR. However, it doesn’t have to be difficult. We help businesses and organizations with GDPR! You can focus on your operations, what you know best, while we help prepare the documentation and materials you legally need for your business. Whether you’ve worked extensively or only a little with personal data and legal requirements, we assist you in meeting the demands GDPR places on businesses today. We always ensure to provide you with concrete information, clear explanations, and help you understand what actions you need to take within your company while ensuring your business complies with existing legal requirements.

All work is overseen by a lawyer with a Swedish law degree and certification as a data protection specialist. Read more about us here.

GDPR-Hjälpen, a service provided by Yellow Pad AB.

GDPR-hjälp som förstår företag.

How can we help your company with GDPR

We assist you and provide the tools you need to work with GDPR and data protection issues within your organization. We know GDPR and understand how the regulations apply to different types of businesses, but you know your organization and operations best. We help you understand what is needed to comply with GDPR and give you the right foundation to have the appropriate documentation tailored to your specific business and its development.

If you already know exactly what documentation you need, we create documents specifically customized for your industry. Alternatively, we work together to determine your next steps.

Doing the right thing shouldn’t be hard!

Vi förstår vad du behöver för att komma vidare med GDPR

Get our GDPR Guide!

Explore our GDPR Guide specially designed for business owners. It's a perfect foundation for your data protection work and an introduction to what you need to consider to ensure your business complies with GDPR.

Enter your email address below to access the guide and download it for use in your business.

Förklarar GDPR för dig.

Download our GDPR checklist!

Take advantage of our GDPR self-assessment, where you can identify what steps you need to take to ensure GDPR compliance for your business. It can easily serve as a GDPR checklist.

Enter your email address below to access the checklist and download it for use in your organization.

Checklistan för företagare

What do others say about GDPR-Hjälpen?

Do you need a GDPR analysis?

Many companies have done a lot of work and are now at a point where it's time to collectively review the company’s GDPR efforts. With the help of our GDPR analysis, we can evaluate your existing data protection work and provide concrete suggestions on actions you can take to increase your GDPR compliance.

The analysis results and actions will be delivered to you in a report containing a plan designed to be easy for you to understand and simple to implement, so you can begin your improvement efforts right away. The analysis report is written by a lawyer who is a certified data protection specialist.


En GDPR-analys för starka företag

3 easy steps to improve your GDPR compliance

The easiest way to ensure you take your GDPR efforts to the next level is through our three steps outlined below. This is perfect for those who don’t have the time to dive into what needs to be done but prefer to answer a few questions at a time that works for you, and then receive tailored answers and subsequent steps customized for you.

All work done by GDPR-Hjälpen is overseen by a trained lawyer who is a data protection specialist.

Nulägesanalys GDPR

Compliance report

With the help of our compliance analysis, we identify areas where your business can improve its work with GDPR.

Implementera GDPR

Implementation

With the support of GDPR-Hjälpen’s tools, we will then work together to create routines and documentation to ensure your business meets the requirements of the data protection regulation.

Kontinuerligt arbete med GDPR

Ongoing Work

Our goal is for you to be able to handle the ongoing data protection work as much as you want, but we are always here as support.

If you already know exactly what your next step in your GDPR work is, we can help you create the right documents for your organization. Contact us via the form below.

Clear and predictable

GDPR assistance should neither be complicated nor have unexpected costs or requirements.

GDPR behöver inte ta för mycket tid

Time

We understand that your time is valuable, which is why we make it easy for you to understand and work with our tools.

GDPR med tydliga priser

Price

Price can be a decisive factor when seeking help with legal matters. With our services, you receive a predetermined price without any unexpected surprises. Contact us to learn more.

Övriga GDPR-tjänster

Other services

We can also assist with creating documentation tailored to your business, provide legal advice on data protection issues, or offer lectures and training on GDPR.

About GDPR

The Data Protection Regulation, better known as GDPR, is an EU regulation that governs how the processing of individuals' personal information may be carried out by companies and organizations. The regulation came into effect on May 25, 2018, and specifies how personal data can be handled and on what grounds. It covers the personal data of all individuals within the EU. Any processing of personal data by a company must have a clear and documented purpose, there must be mechanisms in place to protect the collected data, and there must be clear accountability. All of this and much more is something we can assist you with. Doing the right thing should be easy!

The full GDPR can be read here.

Who needs to follow the GDPR?

GDPR (The Data Protection Regulation) applies to all companies operating within the EU.

Vem behöver följa GDPR?

What is considered personal information?

Any information that can be used to identify an individual. Name, address, and phone number are some of the most common types of personal data. However, photos, email addresses, and license plate numbers can also constitute personal data. This applies to all individuals, including both employee and customer information.

Vad räknas som personlig information?

Why was GDPR created?

The Data Protection Regulation was created to protect individuals' personal information.

Varför skapades GDPR?

FAQ about GDPR

GDPR, what law is it?

GDPR is its own law, known as the Data Protection Regulation in Sweden. It applies to almost all companies and organizations in Sweden and the EU. It also applies to many who are active in other countries. It is the company's responsibility to determine whether they need to comply with the law.

What is GDPR?

GDPR is a law that came into effect in Sweden due to our EU membership. It regulates how personal data about individuals can be processed. Its primary purpose is to protect individuals. According to GDPR, you cannot store any personal information longer than necessary, and you must always be able to justify why you have the information. You can no longer store personal data just because "it might be useful."

What is the difference between GDPR and the Data Protection Regulation?

When talking about GDPR, we are referring to the Data Protection Regulation. GDPR is an abbreviation of the regulation's name in English, General Data Protection Regulation.

Who must comply with GDPR and who is affected by GDPR?

All companies and organizations that process personal data of individuals within the EU are required to comply with GDPR.

Which personal data is covered by GDPR?

Anything that can identify a person is considered personal data and must be handled according to GDPR.

What happens if I don't comply with GDPR?

If a company does not comply with GDPR, they may be required to pay so-called sanctions fees, which are similar to fines. The fees vary depending on the severity of the violation and the company's turnover. The maximum amount for serious violations is either 20 million euros or 4% of global turnover, whichever is higher. For less severe violations, the maximum is 10 million euros or 2% of global turnover, whichever is higher.

What are personal data?

Personal data is anything that can identify a person. Exactly what constitutes personal data may vary from case to case, but typically it includes names, phone numbers, email addresses, photos, addresses, etc. Typical sources of personal data are customer registers, personnel information, and details about a company’s own employees, contact details for suppliers when they include individual names (e.g., bengt.bengtsson@bilmekaniker.se could be personal data, while kundsupport@bilmekniker.se is probably not).

Are photographs personal data?

Yes, photos with identifiable individuals are personal data. Simply put, if a person can be recognized from the picture, it is personal data.

When can we keep personal data?

Personal data can be kept or retained when there is a so-called legal basis for it. This may be when you have received consent from the individual, are required by law to store personal data, have a legitimate interest in keeping the data, base it on a contract that allows processing, do it to protect vital interests, or perform public tasks or tasks of public interest. Regardless of which legal basis applies to the processing, you must be able to identify and justify why that particular basis is applicable.

How long can we keep personal data according to GDPR?

It depends on which personal data is collected and why it was gathered in the first place. For example, the Swedish Bookkeeping Act requires some information or documents to be stored for a few years, there may be obligations to store data for a certain warranty period, or a need to store data for a newsletter a customer has opted into. When the reason for storing the data has ceased (e.g., the customer relationship has ended), and there is no other legal reason to retain it, personal data can no longer be stored.

Do I need a "Privacy Policy"?

You are required to inform individuals whose personal data you process about what you do with the data, why you do it, and what their rights are. This is typically done through what many call a Privacy Policy or Personal Data Policy.

Do I need both a privacy policy and a cookie policy?

Yes, although they partially overlap, they cover different legislation. It is recommended that if you have a website that uses cookies (which most websites do today), you should have both a Privacy Policy and a Cookie Policy.

How often do I need to update the company’s GDPR work?

Working with GDPR compliance has been a requirement since the law's introduction in 2018. It should be an ongoing process that is updated regularly to address new circumstances and clarifications. During an inspection by supervisory authorities, they may review how you work with GDPR and how actively you maintain it.

No one has ever asked me about GDPR, do I really need to keep working on it?

Yes, this is a legal requirement, and both within the EU and in Sweden, it has been communicated that, unlike the initial years after GDPR's introduction, the focus on compliance in small and medium-sized companies will increase, along with greater awareness among individuals about their rights. Therefore, there is a higher likelihood that more and more people will inquire about GDPR. Furthermore, market trends and surveys show that GDPR compliance is increasingly sought after and assessed by potential investors and buyers when investing in or acquiring companies.

Contact us

If you have any questions, do not hesitate to reach out (info@gdprhjalpen.se).
We are located in Lomma, but help companies all over Sweden.