GDPR – the new EU General Data Protection Regulation – how does it affect us?

At Paloma, we are working intensively to ensure that our business complies with EU's new general data protection regulation, which enters into force on 25 May 2018. We get a lot of questions from our customers about what the new regulation entails, what we’re doing, what you need to do, and who is responsible for what. We have sorted it all out below.

Note: It is important to keep in mind that there is not yet a common practice regarding GDPR, as the regulation is new and will not enter into force until May. Thus, we can only provide general information on what regulation entails.


What is GDPR?

Answer: GDPR refers to the General Data Protection Regulation, a new EU regulation that will enter into force on 25 May 2018. The new regulation (in Swedish called “Allmänna dataskyddsförordningen”) replaces PUL, the Swedish Personal Data Act.


To whom does the regulation apply?

Answer: All organisations, industries, and businesses that store, or in any way manage, personal information about their employees or customers. The regulation also applies to small business owners with a simpler website, blog, and/or that send newsletters to a group of people, regardless of the number of recipients. It is important to remember that GDPR not only applies online or digitally but to all forms of personal data collection.


What does the regulation mean, in broad terms?

  • Enhanced protection for the individual with respect to his or her personal data.
  • Significantly stricter requirements on personal data management.
  • Requirements for new procedures and processes for the management of personal data registries.
  • That those who use or collect personal data in any way must obtain proper consent from the individual subject.
  • That the individual may withdraw his or her consent at any time.
  • That information is included about why personal data are collected, if such collection is necessary, and what they will be used for.
  • That every individual has the right to be forgotten; that is, to have his or her data deleted from a company's registry.
  • That every individual has the right to have his or her data corrected and moved.
  • That every individual has much greater insight into the management and storage of his or her personal data. This means that the individual has the right to receive information on what data each company has on him or her at all times.
  • That it becomes illegal to collect personal data and sell them to third parties.


What is defined as personal data?

An identified or identifiable physical person (living). Names, images, e-mail addresses, telephone numbers, IP addresses, DNA, residential addresses, etc. All kinds of information, really, that directly or indirectly can be attributed and linked to a living, physical person.


Why is the new regulation being introduced?

Today, large amounts of data on all individuals are collected constantly. For example, when using digital tools and services, or moving through the digital world. The EU therefore wants to ensure a high level of protection for each citizen, adapted to the rapid technological development. The EU also wants to safeguard citizens’ integrity protection under the European Convention, which states that “everyone is entitled to respect for their privacy”.


How can each company, organisation, and industry prepare?

Each company and organisation must comply with the General Data Protection Regulation, which, in most cases, involves major transitions. The time has come to review current personal data management and create processes, procedures, and quality assurance systems in order to meet the requirements of the new regulation.


How is Paloma preparing?

We are reviewing the current personal data management, creating processes, procedures, and quality assurance systems in order to meet the requirements of the new regulation. We are also working hard with the development and changes required to enable our customers to properly apply the GDPR. 

An example of the above is that we are building different IT solutions linked to Magnet and Postman in order to facilitate customer compliance with the GDPR. Our intention is to make our web-based tools GDPR-compliant.


What do you, as a customer, need to do?

Here are some tips:

  • Make sure everyone in your organisation is familiar with the GDPR and what it means in general.
  • Review what personal data your company handles and stores.
  • Review what personal data your company currently collects.
  • Make sure you have a summary of why you have the personal data stored and in what way. Be transparent!
  • Promptly delete all unnecessary personal data as well as mailing lists that you do not use.
  • Report any breach or risk of data ending up in the wrong hands to the Swedish Data Protection Authority within 72 hours, and establish a protocol for how to go about it.
  • Make sure you have someone in charge for handling matters of the right to be forgotten.
  • Make sure you can prove that you have obtained consent from your newsletter recipients. Otherwise, you have to send out a specific request to obtain it.
  • Evaluate whether there is legitimate interest for sending out, for example, a newsletter to someone, or if you need to recreate your e-mail address list and obtain active consent.
  • Find out what consent means. The recipient/customer always has the right to withdraw his or her consent.
  • Specify what you are requesting consent for.
  • Note: Did you forget to add an unsubscription link to your newsletter? Do it today!


Data Controller – what does it mean?

Those of you who collect personal data are called data controllers. You are responsible for the following:

  • Understanding that personal data is a person's right.  That is, you do not own it, neither as a company nor as an organisation. The private individual does.
  • Respecting “Privacy by Default”. Do not collect data that you do not need.
  • As data controller, you determine the purposes and application of the principles.
  • Adhering to the principle that silence is not considered consent. Neither are pre-checked boxes and/or inactivity.


Data Processor – what does it mean?

We – Paloma AB and Magnet AB – are so-called data processors. This means that we are a party that processes personal data on behalf of the data controller. The data controller and data processor must establish a so-called data processing agreement. According to the General Data Protection Regulation, the agreement must include:

  • processes in the event of a data breach.
  • processes for reporting any data breach to the Swedish Data Protection Authority.
  • information that we, as data processor, have the highest security on our servers.
  • documentation of what personal data we store, how we store them, and why we store them.


What exactly is defined as collection of personal data...?

This is an important question to look into. Search the web and review your business. You can, for example, start by reviewing how names and e-mail addresses are stored on your server, on your website. And once you know what information you collect, you need to be able to answer why you do it!


How is consent formulated in the regulation?

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” Pre-checked boxes and similar solutions are no longer permitted.


If a customer’s consent serves a variety of purposes? How does it work then?

In that case, consent should be given by the customer for all purposes.

If, for example, you send out a regular newsletter on the topic of running and have collected e-mail addresses in connection with this, and then want to write another newsletter on the topic of makeup, you need to obtain new consent. The people on your mailing list have not consented to subscribing to news about makeup.

Therefore, make sure to make clear what the customer consents to. Also make sure to clarify what the customer has consented to in the confirmation e-mail.


How will the regulation affect companies’ use of social media, such as Facebook, YouTube, Instagram, LinkedIn, etc.?

Companies are responsible for both their own and other users’ publication on social media. However, responsibility is affected by, for example, the ability to delete user publications or disable features, such as commentary, etc. A number of other measures in the area of social media will also be required. If you and your business are active in social media and have many followers, you can find more information about the issue online.


Get our smart tips on digital marketing. The newsletter will be published with about 10 numbers a year and of course we will not leave your address to anyone. Much pleasure!

Lämna följande fält tomt

Best software for newsletters & email marketing

The best software for newsletters is easy to use to create attractive design newsletters. Postman newsletter software serves you with smart features, enabling you to take your email marketing to the next level. 

The newsletter is a perfect channel for establishing and maintaining solid customer relations. As a result of the fact that customers of both today and tomorrow are living their lives online email marketing and newsletters is an essential key as well as an amazing opportunity to succeed with your communication. In a number of enquiries email marketing has turned out to have the best ROI (Return On Investment) of all channels, including social media.  

Using newsletter software doesn’t have to be tricky or hard. We have worked hard with usability and interface to make sure that our software for newsletters is as intuitive and easy as possible to get familiar with. 

You can create stylish newsletters without effort using our drag and drop editor. Heaps of automated features will save you time and frustration in the process of producing and sending your newsletter. 

If you are arranging an event you can connect to Magnet by Paloma – our software for guest registrations och online ticket sales. You are also able to retrieve immediate feedback by applying quick question in your email. 

If you have different departments or multiple editors working on your newsletters you can use editor accounts, with different access levels. RSS feed is another time saving feature for your newsletter. Allow content to be automatically generated from another source and avoid duplicating your efforts!

Free templates and plenty of tips & tricks 

Keep your communication consistent and solid using a newsletter template. Templates are also in favor of the continuous work with your newsletter as you will be fast on track instead of creating layout from scratch for every dispatch. You will have good looking ready made templates at hand for instant use. You will also have access to an archive to store your templates as well as other files such as images and documents. 

On our site, blog and in our newsletter you can find plenty of tips on digital newsletters and email marketing. 

Create & send newsletters in no time

Our easy to use software for newsletters will help you create professional, creative and interesting newsletters in html. 

✔️ Design, send and monitor with statistics

✔️ Filter, segment och target content at the right target audience

✔️ Retrieve content from another source automatically through RSS, avoid duplicating efforts 

✔️ Implement marketing automation with trigger email.

✔️ Intuitive and sharp drag and drop editor

✔️ Easy contact management

✔️ Smart feedback

✔️ Multiple editors.

Try Postman software for marketing newsletters & email

If you are looking to develop your business marketing newsletters and email Postman is a your perfect match. 

✔️ 9 out of 10 of our users recommend us and we have got 

✔️ 97% support contentment.

✔️ 100% of our employees recommend Paloma as a workplace.