FAQ about GDPR

How Euroclear Sweden is working with GDPR

Frequently Asked Questions about the new data protection regulation General Data Protection Regulation, GDPR

On 25 May 2018, the new EU regulation General Data Protection Regulation (GDPR) will take effect with the purpose to regulate the processing of personal data across all EU member states.

Below you will find information about how Euroclear Sweden is working to comply with GDPR. If you have general questions about the new regulation, please visit the Swedish Data Protection Authority’s website.

How is Euroclear Sweden preparing for GDPR?

In order to comply with GDPR, Euroclear Sweden has conducted a full assessment of impacts in our infrastructure, business and development setup. 

To ensure compliance with the General Data Protection Regulation, we have initiated a project covering several sub-streams such as for example security, contracts and awareness.

We are taking a whole range of actions to comply with GDPR, of which the most important are:

  • Implementing procedures for tackling efficiently data subjects’ rights/requests
  • Creating processes to safeguard the rights of registered persons to information, inspection, electronic access to data, correction of incorrect information and deletion of personal data.
  • Introducing data protection by default and data protection impact assessment when developing and updating our systems.
  • Ensuring that all processing of personal data is done based on legal ground.
  • Reviewing our contracts with data processors and ensuring that they follow the requirements of GDPR.
  • Developing our list of systems and registers of personal data to comply with GDPR.
  • Creating procedures for reporting, documenting and addressing any personal data incidents.
  • Ensuring that impact assessments in respect of personal data processing are conducted when significant changes are made to our products, systems or business.
  • Creating awareness about GDPR with internal e-learning and training.
Does Euroclear Sweden act as data controller or data processor?

Euroclear Sweden acts as data controller in relation to our clients as we are responsible for the personal information that we process in our role as Central Securities Depository and Clearing Organisation, in accordance with the Financial instruments Accounts Act (SFS 1998:1479).

What is Euroclear Sweden doing to meet the new accountability requirements in GDPR?

We have identified all processing activities within Euroclear Sweden according the GDPR article 30. Each controller shall maintain a record of processing activities for which it is responsible.

That record shall contain information such as for example the purpose of the processing, the categories of data subjects, the data retention, data transfer and legal ground. 

What is Euroclear Sweden doing to meet the new information security requirements in GDPR?

We are updating our IT security policy and our guidelines to meet the GDPR requirements. We are continuously improving our work methods and systems as well as continuously training our staff in how to deal with the information security requirements.

This means, for example, that all key systems and databases in which personal data is processed are being reviewed with regard to the relevant GDPR requirements to identify any necessary measures. We are also reviewing all suppliers that process personal data on our behalf to ensure that they fully comply with GDPR. 

Where does Euroclear Sweden store its data?

We store data in servers located in Sweden and the EU/EEA. If information is disclosed in any case to a data processor, this information may only be stored in a controlled manner in accordance with Euroclear Sweden’s instructions and GDPR.

For how long is data stored?

We store data as long as necessary based on the purposes for which the information was collected. If we are legally required to store the data in question for a certain time, we will of course follow these requirements. 

Additional questions?

If you are a client with us and have more questions on this topic, please get in touch with your regular Euroclear Sweden point of contact for further information.