General Data Protection Regulation

Our focus is on how to store sensitive data and passwords. 

According to the regulation, companies must do everything in their power to comply with the GDPR regulation. 

Recital 64

"The controller should use all reasonable measures to verify the
identity of a data subject who requests access, in particular in the context of online services and online identifiers. A controller should not retain personal data for the sole purpose of being able to react to potential requests."

Data managed by the organization should be filtered and categorized depending on how sensitive the information is and the reason for storage and secured thereafter.  
The requirement for data encryption will now be a rule than an exception.

Assured staff shall have access to their trusted tasks. Consent shall be clearly given to the physical person for each type of storage reaseon unless an interest balance exists. 

Introduction to the Data Protection Ordinance

What is classified as a personal records?

Latest News


Data breaches have increased by as much as 424% in 2018 

"The number of confirmed data breaches during 2018 reached 12,449, a 424% increase when compared with 2017"

"Consumers need to do what they can to prevent problems, like enable two-factor authentication, use a password manager, etc."

Comment from Haagen IT Partner AB:

Data breaches have increased by as much as 424% in 2018, and the focus has shifted from the large companies towards the smaller ones, since they believe that they are less protected.

2,7 million recorded phone calls to 1177 Swedish Healh Care Guide (Vårdguiden) unprotected on the internet.

"Computer Sweden can today reveal one of the biggest breakdown ever when it comes to Swedish patient safety and personal privacy. On an open web server, completely without password protection or other security, we have found 2.7 million recorded calls to the advisory number 1177. The conversations extend back to 2013 and it is about 170,000 hours of sensitive calls that anyone has been able to download or listen to."


Apple allows users to access their own personal data via portal

For now, the data download page only works with Apple accounts hosted in the European Union, plus Iceland, Liechtenstein, Norway, and Switzerland. Service for other countries is expected before the end of 2018.

Comment from Haagen IT Partner AB:

This is a good service and Apple works proactively instead of retroactive. Instead of manually requesting personal information, they offer a portal where the user can evaluate their shared personal data.  After a request of all personal data it takes up to seven business days to receive and a maximum file size of 25 GB is set.


Swedish Armed Forces Passwords Hacked, Now for Sale Online.

"Hacked passwords to one of the Swedish Armed Forces servers are available for sale at a criminal internet forum with links to Russia, reports Dagens Nyheter. Around 800 computers have been hijacked, residents of municipalities, authorities and companies"

Comment from Haagen IT Partner AB:

Consequently it is very important not only to:

  • Have knowledge of their passwords
  • Store the passwords encrypted in a database server
  • Authorized personnel are granted access to passwords which they are entitled to
  • Use two-factor authentication
  • Secure their infrastructure

But also having a system that uses an algorithm where the password automatically rotates after X amount of time to a complexity Y of generated passwords.


Datainspektionen organize Data Protection Officer's Conference in the Public Sector

"Datainspektionen organizes an all-day conference for data protection agents working in the public sector. Next year, a corresponding conference will be held for the private sector.


Datainspektionen Invites industry and business representatives to discuss the protection of personal privacy

"The agency organizes 20 seminars to inform about the new demands placed on those who handle personal data but also to discuss challenges and how the Data Inspectorate can provide better support and guidance ."


Datainspektionen proposes the Data Protection Authority as a new name

"A memorandum suggests that the Data Inspectorate should rename the Privacy Authority. The Data Inspectorate considers that a more appropriate name is the Data Protection Authority."