GDPR was put in place to give you better control over your private information, but what is GDPR really and how should you relate to this? We will try to give you an overview of the subject, which for many, is very complex.
What is GDPR?
On the 25th of May 2018, the General Data Protection Regulation became effective. The regulation was implemented in all local personal data laws within all of EU and the EEA and affects all companies and organizations who undertake the sale of goods and services and keep personal data on citizens and other companies. According to GDPR, personal data is defined as a person’s name, picture, e-mail address, bank information, post on social media channels, locations, health information and IP-address. GDPR gives citizens within the EU and the EEA more control over their own personal data and security, which ensures that their information is protected within all of Europe.
Who is impacted by GDPR?
GDPR impacts all organizations all over the world who handles personal data from citizens from Europe. “Personal data” implies all information that is related to a person. Included are among other genetic, mental, cultural, economic and social information.
What is the difference between the GDPR and the Data Protection Act?
GDPR is an EU order. This means that all EU citizens can rely on the content of the GDPR without distinction of the EU countries. When GDPR was approved by the 27 European countries it ended up as a larger compromise between the countries, as it opens up for national special laws. Denmark's special laws can you find in the Data Protection Act. This is supplementary to the GDPR. The central regulations regarding data protection are equal for all parts of the EU in terms of the obligation to keep a record, to fulfil the duty of disclosure and the individual rights of the deletion of the subject data, rectification and objection. Under national special laws, you find detailed regulations in terms of employment, rules for credit agencies and cases of treatments which requires the Danish Data Protection Agency prior permission.
Why do I receive an informational letter from Risika?
Based on the above-mentioned, Risika has been approved as a credit agency which obligates us to send the information which is displayed in our informational letter. The Data Protection Act §20 piece 1 dictates that a credit agency, like Risika, may process information which by their nature is important for assessing the financial health and creditworthiness, as in accordance with the Danish Data Protection Agency authorization of processing. Read more about this subject here: https://risika.dk/info-letter/
Does Risika's informational letter mean that I am registered as a bad payer?
Risika is not a register for bad payers like RKI, but a credit assessment system. We are by law obligated to inform all companies that we have registered in our database, bad payers, or not.
Can my master data (e.g. name, phone number etc.) be changed in your system?
Do not hesitate to contact us if you encounter master data regarding your company that is incorrect. Most of our data is collected through public sources, where the changes to the data should be undertaken.
Who do you register in your system?
We register all active companies in Denmark, Norway and Sweden - including holding companies.
Can I see what data you have on my company?
You can at any time get insight into the data that we have on your company. Contact us, and we can send you a .zip file with all the information.
Can my company be deleted from your system?
You have full right to request for deletion from our database. However, there should be compelling reasons for deletion, which is why we very rarely can adhere to these requests. It is important that you list the reasons behind your request for deletion if you choose to contact about this. If you do not, we will have a hard time assessing if there is in fact a compelling case for deletion.
Do you process sensitive data about me?
Risika does not process sensitive personal data about you, nor your company.