The General Data Protection Regulation (GDPR) introduces a new set of regulations regarding the management of personal data. GDPR replaces the old "personuppgiftslagen" (PuL).
A Data Processor is the entity processing personal data on behalf of the Data Controller. PA-Utveckling AB, which provides the MaxPA application, is a Data Processor.
A Data Controller is normally the entity that manages personal data in its operations and decides which data is stored and what the data is used for. Customers using the MaxPA application are Data Controllers.
Personal data in MaxPA
MaxPA manages personal data for employees and, in some cases, company customers. You can find employees by selecting "Anställda" in the top menu. Once you have selected an employee, you can find the personal data by clicking "Personuppgifter" in the left menu.
Customer data can be found by navigating to "Ekonomi > Kunder", assuming this function is activated. By selecting a customer, you can find the form with customer data.
An employer doesn't need to ask for consent from employees in order to collect and store personal data. By signing an employment contract, the employees are indirectly consenting. The same rule applies to customer data. By signing a contract with the supplier, the customer has consented to the storage of customer data.
In MaxPA you can register, modify and delete personal data.
Registration and modification of personal data for employees and customers can be done using the form for the corresponding entity, see above.
If a customer or employee is no longer used, it can be removed by pressing the delete icon in the left column of the employee or customer list. If the employee or customer has already been used in the system, the delete icon will not be visible. Instead, you need to clear the personal data in the entity form. In the employee form, there is a button labelled "Anonymisera", which may be used for this.
It is also possible to hide employees in MaxPA. Please note that hidden employees are still stored in the application. You still need to clear the personal data as described above.
In MaxPA you can send pay slips by e-mail. The Swedish agency "Datainspektionen" has previously concluded that sending pay slips by e-mail does not meet the security requirements of either "Personuppgiftslagen" (PuL) or the new GDPR. Consequently, we recommend creating a password so that employees can log in to MaxPA to view their pay slips. If a password has been created for an employee, the pay slip will not be attached to the e-mail. Instead, a web link to the pay slip will be inserted in the e-mail.
MaxPA is hosted on servers at the Ipeer data center in Karlstad. The personal data is stored on the same servers. The servers are protected by a firewall, and there are two ports for communication. One port (443) is for the web interface and is protected by SSL encryption using the https protocol. Users log in with a username and password. Administrators are also able to access the servers using the SSH protocol. Certificates are used to log in. Logins are logged by the operating system.