Why to love GDPR – 3 reasons for falling in love with it

Ulrik Nohr
When we hear about all the implications of the General Data Protection Regulation (GDPR) for businesses operating in the EU or handling personal data of EU citizens, I’m pretty certain that most people feel a certain apprehension (maybe even a pinch in the stomach?). And I can totally understand why! Besides all the things I need to do, there are also fines for data breaches and non-compliance, and they can be huge. But let’s try to step back and look at the bright side of GDPR – yes, there actually is one! Let me show you why, and you – like me – might come to appreciate or even fall in love with it.

The personal side

First, let’s talk about the personal side of GDPR: for EU citizens, GDPR means a lot. It means that companies need to be much more conscious and responsible when processing and handling personal data of EU citizens. They need to be more transparent about how they handle personal data, and this is guaranteed by, for example, the “right to access” or the “right to rectification”. And all the media focus on GDPR has revealed the “right to be forgotten” which…

Expert tip: How to fill out and use GDPR templates in your company

Ulrik Nohr
So, you got a GDPR template package during the GDPR frenzy (if not – get ours here for free). By now, you know it’s a legal requirement to do something about personal data, i.e. GDPR… But the templates you received look terribly boring. Moreover, what do you actually do with them? How do I input the right information in the right places? What is my legal basis for collecting personal data? What is my legitimate use of personal data? At this point my guess is, you’d rather watch white paint dry than fill out GDPR templates. Do not worry: we’ve got your back. In this post, we will provide some guidance and hopefully get you from the starting point above to “Aaaah – that’s what it is…”. First, we will start with some general introductions to get the full picture, and then we will go into the specific templates.

1. Introduction

The General Data Protection Regulation (“GDPR”) has entered into force throughout Europe and as a company, you should be dedicated to observing all relevant regulation. GDPR is all about personal data and how to safeguard it, minimize handling of it and have sufficient measures in place. The rules are important…

Business manager: Why you should not only rely on people to comply with GDPR

Ulrik Nohr
Colleagues (and people in general) are awesome! If you are a manager, they are your most valuable asset, and in the best case they drive your competitive edge. But if you are the person responsible for GDPR, they are also your biggest headache… That’s because they are building the content of your company, but the content becomes the problem in a GDPR context. And you might have a hard time convincing them to do things differently. This is not because they don’t want to, but because they deem other things more important. This is especially the case with GDPR compliance. It’s everybody’s task, but time is not an available resource, nor does everybody see GDPR as relevant. We have reflected on what happens if you only rely on people to comply with GDPR. And the topics are:

- Handling data is not very user- and people-friendly
- People are different – and they end up doing things differently
- Changing people’s mindsets is a tough one
- Enforcing people’s GDPR compliance is a hassle
- Culture eats strategy for breakfast – including your GDPR strategy
- How can you smoothen GDPR compliance and the transition to the GDPR era?

1. Handling data is not very…

The GDPR hunting season is open:
The Danish authority Datatilsynet has announced first shots will be fired

Ulrik Nohr
Datatilsynet (Danish Data Protection Agency) has announced the types of companies they are targeting first and on which grounds. It will be the first test of companies’ efforts to comply with the General Data Protection Regulation (GDPR). And it is happening as we speak. So, let’s dive into how Datatilsynet will conduct their supervision and who will be the first companies to be audited. The 27th of June was the day that Datatilsynet released their “GDPR supervision-plan”. The plan contains information about two areas:

- Which sections of GDPR are their focus?
- Which industries and institutions will they target first?

Mails from loyalty clubs and dating services are investigated

Unless you’ve been sleeping under a rock, it has been almost impossible to avoid the data bombing of your e-mail inbox – leaving it utterly destroyed, as companies wanted to renew your consent to receive information from them. This was a direct consequence of companies trying to comply with the GDPR. Datatilsynet describes the phenomenon as follows: ”…thousands of Danes [experienced, ed.] having their inboxes filled with e-mails from, in particular, private companies which, with reference to the new data protection rules, either asked for (renewed) consent to be able to continue processing personal data…

9 steps towards GDPR compliance

Ulrik Nohr
The General Data Protection Regulation (GDPR) came into effect on 25th of May. We now live in the GDPR era where compliance needs to be as natural a part of your business as water is to fish. This doesn’t mean that the transition is easy. Compliance is a long and close to never-ending journey. We recommend that you divide the effort into smaller, doable steps and conquer them one by one. We wanted to collect some of the insights that we got when scouring through numerous reports on how to prepare for and handle GDPR. So, we have compiled a list of 9 steps that you should tick off in your business. At the end of the article, we have provided all links to the reports.

1) Locate and map the personal data in your company

Start by understanding where personal data exists in your company. Hint: It’s everywhere. The top-four sinners are e-mails, file storages, Enterprise Content Management Systems (ECM) and cloud apps. Locating and mapping all personal data is a daunting task, so get all the help you can. Make use of the tools out there. And yes, we can help you with part of that automatically, but…

GDPR snapshot: How ready are companies really?

Ulrik Nohr
Ok, so GDPR is on everyone’s lips these days. It’s not without reason. But there’s a lot of clutter out there. Do X, do Y, do Z – where do you even start? The confusion can be frustrating. When we feel unsure about a situation, we usually look to our peers to see how they are dealing with it. Spoiler alert: they are doing the exact same thing as you – looking around for someone who’s doing a great job being GDPR compliant. The truth of the matter is that it is a rare sight to find a company that is GDPR compliant. Of course, there are companies that think they are compliant – but are they really? We compiled some GDPR statistics that can give you some comfort if you think you’re the only one not being compliant. We’ve also included some statistics about where personal data is located. The fact of the matter is: You can’t be GDPR compliant if you don’t know where the personal data are in your company.

Resources:

- Association for Information and Image Management
- Spiceworks
- SAS

What is GDPR? Here’s what you need to know to get started.

Ulrik Nohr
What is GDPR?

The General Data Protection Regulation 2016/679 (GDPR) is the EU regulation concerning data protection and privacy for all individuals within the EU. It applies to companies handling data from EU citizens located inside and outside of the EU. It doesn’t matter where the companies are physically located: If you as a company are handling data from EU citizens, your company must comply with the GDPR. The regulation enters into force on May 25, 2018.

The aim of the GDPR is to give EU citizens back control over their personal data. People must (and should) have the right to know what information companies have on them. From a societal point of view, GDPR gives people the right to claim insight into what has until now been uncharted territory. And this is a good thing. That being said, it can be a b**** for companies as GDPR compliance is more than a mouthful.

How does GDPR affect my business?

The new GDPR regulation is a modification of the preceding directive but with some important changes that impact your business in a significant way. Below you can find new and modified concepts that are important to be aware of. The list below should not…