If you will be sharing the data with others you must inform the person of this.
Remember that the information must be clear and comprehensive and preferably in writing.

This needs to be included in the information:

• Who is responsible for managing the personal data. This is normally your company. It is not a person, except for when it is a sole proprietorship. The information should include contact information for the company.
• Why the data is collected and how it will be used.
• What the legal basis is (for example to fulfill a contract with the customer).
• How long you are going to store the data (for example no more than one year after the customer relationship has ended).
• If you have indicated consent as the legal basis (it might for example be in order to send marketing material to that person), you must also inform the person that they always have the right to withdraw their consent, which means that you must then stop sending marketing material to the person.
• That the person whose data you are registering has the right to request an excerpt from the register in order to verify what data is registered on him/her.
• That your company is obliged to correct information that is incorrect, incomplete or misguiding.

The data subject’s rights at the Swedish Authority for Privacy Protection (IMY)

The General Data Protection Regulation - GDPR at the Swedish Authority for Privacy Protection

When are you permitted to gather personal data?