All businesses and public authorities collecting, exchanging or processing personal data are subject to the Data Protection Regulation, and there is less than one year to take measures ensuring compliance with the rules before the regulation comes into force on 25 May 2018.
Is your business in compliance with the new requirements?
Transparency Information must be correct and readily understood. Especially in the event of obtaining consent to the processing of personal data, the applicable rules have become more rigorous.
Minimum processing The processing of data may take place only if strictly necessary. The protection of personal data shall be ensured through the design or standard settings of the IT solution.
The right to request the deletion of personal data Everybody has the right to get his or her personal data cancelled.
Data portability Every data controller shall be able to transmit personal data to the registered persons via a legible and generally acknowledged media.
Responsibility Every data controller shall be able to explain how the rules are observed. This imposes very high demands on internal procedures and assignment of responsibility.
Data Protection Officer (DPO) Public authorities and businesses processing personal data as part of their core activities or on a large scale are to have a DPO.
Shared responsibility Data processors are subject to the same requirements as data controllers – even if the parties have entered into a data processing agreement.
Notification A duty to inform the relevant authorities within 72 hours in the event of security breach.
REMEMBER! Non-compliance may result in fines of up to 4% of the annual global turnover of the business in question.
NJORD’s Personal Data Compliance Packet
NJORD offers you a Personal Data Compliance Packet in connection with your efforts to comply with the data protection rules. The packet contains legal services ensuring that your business operates in accordance with legislation and is prepared for the moment when the Data Protection Regulation comes into force.
Step 1 – Data Flow Analysis
- We offer you a process approach, where we will go through all systems as part of the process.
- We will review your data flows and carry out a legal analysis of all the elements of data processing, including consent, storage, administration, etc. in close collaboration with you by means of questionnaires and interviews as required.
- Subsequently, we will provide you with a report with the results of the analysis and recommendations for initiatives ensuring compliance.
Step 2 – Internal guidelines and procedures
- We will draw up practical guidelines and directions for in-company use in order to satisfy the requirement of the Data Protection Regulation for self-auditing (the principle of responsibility).
- We will adapt the guidelines to your business based on the Data Flow Analysis.
Finally, we will issue a validation certificate documenting that your business is compliant.
