The General Data Protection Regulation (GDPR), is an EU regulation that came into effect on May 25th 2018, and 20.07.2018 in Norway. It is the most significant change in data protection regulation in decades, and aims to strengthen and clarify the data- and privacy protections of individuals, and also to simply regulations for businesses. This affects not just Visma as your service provider, but also your business:
When you are using products and services from Visma, you are "processing" the personal data of your users, employees, contacts, customers and so on, for purposes determined by you. "Processing" means any use of personal data, such as collecting it, storing it, and modifyng it. For example, you will process personal data in order to pay a a supplier invoice, pay your employees, or render professional services, if you are for instance an accounting office.
This makes you a "data controller". A data controller is someone who determines the means and purpose for processing personal data. For example, using Visma.net Expense (the means) to provide your employees with an application for expense claims (the purpose).
If you are using a cloud- or online service from Visma, such as Visma.net Expense, Visma is your "data processor". This means that we process the data on your behalf and instruction, in order to provide you with the service. This can be for example to provide hosting, security and support.
This page outlines your duties and obligations as a data controller. However, this is not a comprehensive or authoritative guide: we recommend that you aquire the knowledge and skills to assess your use of personal data in the context of your business, so that you can best meet your obligations as a data controller.
The best place to start, is often the information provided by you local Data Protection Authority. These are authoritative sources, and provide comprehensive information and guidelines in easy to read formats: