Sitevision and GDPR

The General Data Protection Regulation (GDPR) came into force in April 2016 and became valid as law in Sweden from 25 May 2018. The law replaces the previous Personal Data Act and means that other requirements are imposed on companies, authorities and other organisations that collect personal data.

GDPR - brief recommendations

• Collect and manage personal data only if permitted.
• Inform the persons whose data you collect. This may be data about customers, suppliers, and employees.
• Determine in advance what the personal data will be used for and do not use the information for any other purpose.
• Do not collect more personal data than is needed.
• Never collect personal data "because it may be useful to have".
• Make sure that the personal data is accurate and up to date.
• Delete personal data that is no longer needed.
• Protect the data from unauthorised use and access.
• Document your intentions in your processing of personal data.
  

Read more about GDPR at datainspektionen.se.

Unstructured data

The concept of unstructured data is used within GDPR. This is, for example, data that appears in free text on the website or intranet. This can be text in text modules, text answers in a questionnaire, and images with visible faces. You are responsible for filtering this kind of data.

Tips and data

• You can search for such data using Sitevision’s search, for example.
• If you are self-running, you must also consider establishing a filtering procedure for logs. Many Sitevision modules store messages in a log. This log also contains personal data.
• Social Collaboration content, such as a comment or post where you have printed personal data, must be cleared manually. From version 4.5 inclusive, you can edit and delete other people's posts, edit and delete posts on other people's profile pages, and edit and delete page comments.

Structured data

The concept of structured data is used within GDPR. This is traditional storage of data in a database, such as a directory service.

From Sitevision 4.5 there is a function to anonymise structured data in Sitevision. Anonymising means, among other things, that information about a user in Sitevision is anonymised. In Social Collaboration, some data will be cleared (personal timeline, user fields, profile image etc.). Also, other data that is saved to the user such as user settings and data coming from directory services will be cleared.

• Anonymisation will be done via a new search function found under Website settings
• Any references to user data, which for various reasons need to remain, will be presented as "Anonymised user"
• User metadata, such as Page manager, will be anonymised and user information (e.g. name) will be replaced with "Anonymised user".
• Permissions will be anonymised and replaced with "Anonymised user"

This function includes both users and social profiles created in Social Collaboration.

Some tips

Here we have compiled a list of things to consider for websites built in Sitevision:

Consent

We have a "consent box" that deactivates the Send button until the user has ticked the consent box. There is a central setting on the website that allows all form modules to receive a consent box.

Consent will be required when collecting personal data via forms. (Read more about What is personal data?)

For you as a customer it is also important that you set up a filtering procedure to clear out old form modules on the website, so that information is not stored unnecessarily.

Logs

Many Sitevision modules store messages in a log in the website's database. This log may also contain personal data. Sitevision saves logs in the Cloud environment for 6 months, they are then filtered. If you are self-running, be sure to have a filtering procedure to clear logs.

Https

GDPR requires that all personal data is handled in a secure manner, which means that data sent via the Internet must be encrypted. This is easiest to do by installing an SSL certificate on your web server, so that you can use HTTPS instead of unencrypted HTTP.

Google Analytics

Are you using the Google Analytics integration in Sitevision? Then we want to draw your attention to checking the box "Anonymize IP" under the website settings. We recommend that the function is used as part of our customers' integrity work.