As of May 25 2018, all businesses active in Europe have to comply with GDPR – the General Data Protection Regulation.
GDPR – What is it?
The General Data Protection Regulation (GDPR) is an EU law on data protection and privacy. When it takes effect on the 25th of May 2018, it replaces large parts of the current privacy framework, and with it comes the biggest change to European privacy laws in the past 20 years.
Simply put, the GDPR applies to all personal data that is handled within the borders of the EU, or that relates to individuals in the EU, no matter where the organization handling the data is located.
The main aim of the GDPR is to unify and simplify the regulatory environment and to strengthen the data protection of individuals in the same way across the EU.
For individuals this means increased control over their personal data, and for businesses active in Europe the GDPR comes with additional requirements on how to handle personal data. Even though some things change, a lot of things actually stay the same.
Opportunity for businesses
At the very core of the GDPR is the objective to help individuals understand what information is collected about them and how it is used, and to give them control over their personal data. The development of online services has shown that as consumers get more experienced and aware, matters of data protection and privacy evolve from being a USP to becoming a hygiene factor.
The introduction of the new regulation has meant adjustments to some processes for many organizations, and as one of the underlying motivations is to benefit individuals, there is also an opportunity for businesses. Combining great services with transparency around consumer privacy is not only a compliance factor but also a great opportunity to gain trust and drive preference, which ultimately strengthens companies’ bond with their consumers. This way businesses can further nurture their relationship with consumers, becoming not only a preferred service provider but a trusted choice.
Understanding personal data
The most basic definition of personal data is data that can be used to directly or indirectly identify someone. This means any piece of information that, on its own or pieced together with others, can be used to distinguish a specific individual.
Examples of personal data
- name or alias
- identification number
- contact information
- financial data
One guiding principle for handling personal data is that the individual should have information on how her data is handled by the service provider, who in turn is required to have a defined purpose to collect and process the personal data.
Example of how data could be used to identify an individual
Some personal information might not be enough on its own to identify someone, but pieced together with other information it would distinguish an individual. The following is an example of this in practice:
- City: Stockholm
- Residential address: Sveavägen
- Occupation: Taxi driver
- Name: Klara
There are many taxi drivers in Stockholm, just as there are many individuals named Klara and many residents living on Sveavägen. But, again, if we combine all four data points they will clearly point to one specific individual, in this case completely fictional to the best of our knowledge (if there is any resemblance to a real person, please let us know).
Klarna cares deeply about privacy and data protection and has a dedicated website section on the subject. If you are interested in Klarna’s view on GDPR and how it affects your relationship with Klarna, we encourage you to read more on Klarna’s Privacy pages.