Future markets will require that companies are transparent, and soon the legislation will also support customers’ and citizens’ right to “be forgotten.” Therefore, it may already be necessary for the company’s business model to be in compliance with existing and future legislation.
As of May 2018, the European Parliament’s Personal Data Regulation will enter into force in all EU countries. This means that all companies storing personal data will be obliged to comply with the revised procedures on how the company collects, processes, and stores data.
Is your company storing for example people’s addresses, e-mails or credit card information? If so, we recommend that you ensure that your data processing is in compliance with the existing rules in this area and that you prepare your procedures for the new requirements in the personal data regulation.
Many enterprises can gain a competitive advantage if they already can ensure that they comply with privacy legislation while preparing for the personal data regulation to enter into force.
At NJORD we have a phased approach to ensure your company’s compliance. We will always ask you to consider your stakeholder’s expectations regarding your processing of their personal data. Requirements are one thing – options are another.
Our approach to meeting future requirements
Briefly, here is our approach to ensure that the company will meet future demands:
- Data Flow Analysis (mapping of data procedures)
- Legal analysis and proposals for action
- Identification of formal requirements – such as Privacy Impact Assessment reports and the need for a Data Protection Officer
- Assistance with product specifications and contracts for future IT solutions
- Practical guidelines – for example, how the company obtains consent
In continuation of mapping the company’s data flow, we recommend a legal analysis to identify changes in the legislation that are critical to the company’s business model.
We then establish the formal requirements with which the company is required to comply, and we assist with product specifications and contracts or an appropriate IT solution.
Finally, we prepare your company with practical guidelines for handling personal data for you to be in compliance with the law in the future.
A multidisciplinary team
NJORD’s data protection team is a multidisciplinary team with thorough experience in Life Sciences, employment law, corporate law, tax, e-commerce and intellectual property. We can help navigating around the pitfalls of Danish and international legislation on data protection.
We advise and assist clients within all aspects of Danish, European and international data protection regarding the processing of all types of personal data, including the special protection of sensitive personal data. We also advise HR departments on processing of personal data.
Examples of our services:
- Notifications to and approvals from the Data Protection Agency or other relevant authorities
- Data Flow Analysis and proposals for action
- Audit reports on compliance in connection to acquisitions
- Compliance related to requirements for employment contracts
- Local Scandinavian compliance with Sarbanes-Oxley whistle-blower rules
- Consent for Clinical Trials
With our unique Scandinavian and Baltic structure we can provide individual solutions covering several countries.