What you and your company need to know about the EU Data Protection Regulation (GDPR)
The EU Data Protection Regulation (GDPR) will come into force on 25 May 2018, and the supplementing Danish regulation is expected to enter into force on the same date. Even if you comply with the present data regulation, there are changes in the new regulation that you have to deal with.
ABOUT THE EU DATA PROTECTION REGULATION (GDPR)
The EU Data Protection Regulation applies to all companies that handle personal data, and that basically covers all companies, since personal data can relate to clients, suppliers, employees, marketing etc.
The new regulation will also generally enhance focus on how companies handle personal data and whether the new stricter regulation regarding consent and the rights of data subjects is being observed.
Some companies have to appoint a Data Protection Officer (DPO), and the fine level has been raised considerably. There are also higher documentation requirements for data flows, and there are requirements to notify the authorities in case of a personal data breach.
IS CONSULTANT ASSISTANCE NECESSARY?
Assistance from consultants can be a good supplement to the company's own resources, but it generally depends on how complex the company's activities are and what resources and competences you have in IT, law and personal data management.
Many companies only have limited access to these competencies or are too busy with other tasks and will need external advisors to get through the process.
For others, partial external assistance in some areas will be sufficient, and the company can handle the rest itself.
CONOVAH offers assistance in process facilitation, IT and legal advice, as well as providing hotline assistance for companies who want to try on their own. We attach importance to making the complex legislation manageable so that all companies can get through the process. We want to help ensure solutions that also work in practice.
Contact CONOVAH and get advice on the EU Personal Data Regulation
HOW TO GET STARTED WITH THE EU PERSONAL DATA REGULATION?
The first task you need to handle is to get an overview of the process that you are going through and prioritize the effort so that you can complete the most important things before 25 May, 2018. Then you should get an overview of what data you receive and what data you disclose, which systems and suppliers you use and the data flows in the company. On the basis of interviews with key personnel in the company, analyze which processes and flows are appropriate and necessary and which may not be.
Analyze the risks associated with the required data flows and make the necessary decisions on how to handle them in the future, including the consequences of possible personal data breaches. Prioritize how to implement the necessary changes to systems and procedures.
You must ensure that you document the decisions and processes that have been adopted, such as impact assessments, policies and data processing agreements. Also, make sure that the implementation actually takes place. For example, be sure to educate your employees to meet the requirements so that what you've adopted is also done in practice and so the employees know how to deal with, for example, consent, inquiries from the data subjects and personal data breaches.