help.sitevision.se hänvisar alltid till senaste versionen av Sitevision
The General Data Protection Regulation (GDPR) came into force in April 2016 and became valid as law in Sweden from 25 May 2018. The law replaces the previous Personal Data Act and means that other requirements are imposed on companies, authorities and other organisations that collect personal data.
Read more about GDPR at datainspektionen.se.
The concept of unstructured data is used within GDPR. This is, for example, data that appears in free text on the website or intranet. This can be text in text modules, text answers in a questionnaire, and images with visible faces. You are responsible for filtering this kind of data.
The concept of structured data is used within GDPR. This is traditional storage of data in a database, such as a directory service.
From Sitevision 4.5 there is a function to anonymise structured data in Sitevision. Anonymising means, among other things, that information about a user in Sitevision is anonymised. In Social Collaboration, some data will be cleared (personal timeline, user fields, profile image etc.). Also, other data that is saved to the user such as user settings and data coming from directory services will be cleared.
This function includes both users and social profiles created in Social Collaboration.
Here we have compiled a list of things to consider for websites built in Sitevision:
We have a "consent box" that deactivates the Send button until the user has ticked the consent box. There is a central setting on the website that allows all form modules to receive a consent box.
Consent will be required when collecting personal data via forms. (Read more about What is personal data?)
For you as a customer it is also important that you set up a filtering procedure to clear out old form modules on the website, so that information is not stored unnecessarily.
Many Sitevision modules store messages in a log in the website's database. This log may also contain personal data. Sitevision saves logs in the Cloud environment for 6 months, they are then filtered. If you are self-running, be sure to have a filtering procedure to clear logs.
GDPR requires that all personal data is handled in a secure manner, which means that data sent via the Internet must be encrypted. This is easiest to do by installing an SSL certificate on your web server, so that you can use HTTPS instead of unencrypted HTTP.
Are you using the Google Analytics integration in Sitevision? Then we want to draw your attention to checking the box "Anonymize IP" under the website settings. We recommend that the function is used as part of our customers' integrity work.