How does GDPR affect your customer portal?

30 Aug 2018

Earlier this spring, the new GDPR legislation entered into force, imposing new requirements for the handling of personal data. The purpose of this legislation is to give people, whether as individuals or as employees, protection of and control over their personal data. In addition to the requirements for keeping the information safe, there are also extensive requirements for transparency about what data is stored, and the right to have it corrected and, in some cases, deleted.

If you have a customer portal with a personal login, it means both that you need to meet these requirements and that you have a very good opportunity to solve many of the challenges in other operations.

Well thought-out plan

Determine which personal data will be stored and why. What is the reason for saving the data? Is it something that you and your customers benefit from? Do not store data that there is no reason to save.

What is personal data? According to the regulations, it is all information that can be used to identify a person, such as name, email address and phone number. This also includes information that can indirectly identify a person, such as the IP address used to connect.

Of course, that sounds obvious, but many companies today save personal information about their customers without any plan whatsoever to use it.

Clarity about data storage

Be clear about what information you store about the users, and take the opportunity to explain to them why it promotes your common business relationship. Be sure to create a document that clearly describes what data is stored and why, written in a language that is easy for ordinary users to understand.

Possibility to access stored information

The regulation states that persons are entitled to access the information stored about them. This covers not only the data that identifies users but also the information associated with them. If information is labeled with a user, or if there is a log that shows what the user has done in the portal, then the user should be able to access this information.

A very good way of enabling this right is to let users request a summary of stored data directly through the customer portal, introducing self-service and allowing them to obtain a summary of the information stored.

Consent and agreement

Personal data may be processed if you have the consent of the data subjects. In the Data Protection Regulation, there are special requirements for consent, including that it must be voluntary, that it must be given by a statement or a clear affirmative action, and that it must be given after the individual has received information about the personal data processing.

Whoever processes personal data with the consent of the user must be able to show that valid consent has been given by the data subject. When setting up a new user, the customer portal should be designed in such a way that the user, at the first login, receives information about the data storage and the rights of the person and, by this action, gives consent.

Possibility of correction

Each person has the right to turn to a company or authority that processes personal data and ask to have incorrect information corrected. It also means that the individual has the right to supplement any missing and relevant personal data.

In the customer portal, users should have access to a routine that allows them to request correction of incorrect information.

Possibility of requesting deregistration

Every person has the right to turn to a company or authority that processes personal data and request that the information relating to him or her be deleted.

This does not in itself mean that the company or authority is always forced to delete personal data. If personal data is required to be able to confirm orders, deliveries or work, for example, there are other regulations that require the data to be saved.

The rules around when data must be deleted can be found on the home page of the Swedish Data Protection Authority.


In summary, GDPR provides a lot of things to consider when designing the company's customer portal. It also provides an efficient platform for managing the rules and communication with customers.

GDPR requires effort from all companies. Using a modern customer portal with links to the company's other business solutions can be the fastest and most effective way to solve the challenge.

Read more in our product sheet on how Bizzjoiner helps you manage personal data and other issues regarding integrity.