GDPR – General Data Protection Regulation

Background

The General Data Protection Regulation (GDPR), which comes into force on May 25, 2018, is a change for many companies including Latour Industries AB and its subsidiaries. We do not only see it as a legal requirement but an opportunity for us to review internal processes and implement appropriate technical and organizational measures that strengthen us our business.

GDPR gives us an opportunity to review our internal routines, to strengthen our personal data protection and an opportunity to change our companies for increased efficiency, increased customer value and ultimately increased profit for our owners.

Implementation and organization

Latour Industries has appointed a project manager or DPM (Data Protection Manager) for the introduction of GDPR. Respective subsidiaries have nominated a DPC (Data Protection Contact) for the individual subsidiary. The purpose is to coordinate the work to effectively introduce GDPR in all our companies. We can benefit from economies of scale and standardize processes and procedures for the entire Latour Industries AB business unit.

Latour Industries DPM informs, advises, coordinates and monitors the introduction of GDPR. Our companies will implement the necessary changes as well as introduce the support systems needed to meet or exceed the requirements of the new legislation.

We work closely with our subsuppliers to ensure that they also comply with the new legislation considering that they in many cases affect our business.

Personal information that will be treated

Latour Industries will work on the principle of data minimization and only collect the personal data necessary to conduct our business.

Purpose of treatment of personal data

The purpose of processing personal data will in all cases be defined. No personal data will be processed without a clarified purpose.

Legal basis for treatment of personal data

Latour Industries AB will in all cases define the legal basis for processing personal data.

Time period for treatment and storage

We will only process or store personal data as long as there is a purpose for the data or, for example, when there are legal requirements for storing personal data.

Third-party treatment and transfer of personal data

Personal data will be handled in some cases by third-party sub suppliers. Agreements will always be established and we will strive to transfer personal data to non-EU or EEA countries.

Your rights as a private person

It will be offered the opportunity to obtain registry extracts or request erasing according to GDPR after the law has entered into force.