H.S. Møller

GDPR – The new personal data regulation

On 25 May 2018, the EU’s new personal data regulation called the General Data Protection Regulation (GDPR) comes into force throughout the EU. After that, everyone who deals with all kinds of personal data must comply with the rules in the new regulation. This applies to both private companies, public and semi-public authorities and organisations.

The regulation replaces the current Danish Personal Data Act and sets stricter requirements for security around the storage and processing of personal data.

What is personal data

All data that can be used to identify a person, e.g.

• Customer information (Contact person, e-mail addresses, phone number, etc.)
• Supplier information (Contact person, e-mail addresses, telephone number, etc.)
• Employee information (Name, picture, address, social security number, telephone etc.)

And what GDPR means for your company

• Protection of personal data via organizational, administrative and technical measures.
• Documentation of all measures that protect personal data. IT Security, work processes and physical security (Access control, alarm etc.)
• Strict requirements for consent from the registered as well as transparency in storage and processing. In order to meet the requirements, companies and organizations that use personal data about individuals must obtain the individuals’ express consent.
• Information to the national supervisory authorities AND all affected data subjects in the event of a data breach – NO LATER THAN 72 hours after a breach has been detected. (Disaster Plan)
• Extended responsibility of data processors
• Organizations that do not comply with the GDPR risk fines of up to 4% of annual turnover or EUR 20 million.

What can H.S. Møller offer in a GDPR project

• An overall risk assessment in the form of a preliminary analysis, where the company’s infrastructure and complexity are uncovered in relation to the use of personal data.
• An analysis that uncovers shortcomings in relation to being in compliance with the GDPR. (Compliance)
• A final report that describes the current situation and suggests possible measures for improvements in the short and long term, as well as a proposal for a disaster plan.

When a GDPR project is completed, H.S. Møller be helpful in designing documentation of IT security, work processes etc.

With 360 Business Tool and H.S. Møller, you are on track with your GDPR project.