Personal data

The EU General Data Protection Regulation

What do the new rules mean for your company?

Download our Whitepaper

Exchanging personal data with companies is a matter of trust, and thanks to the EU's General Data Protection Regulation, legislation has gone to great lengths to protect your customers' and employees' personal data. This means that if you as a company do not process personal data in accordance with the law, your company could be subjected to large fines, and you could also seriously damage your company's reputation.

Aim Icon

About the EU General Data Protection Regulation

On 15 December 2015, following four years of negotiations, the EU Parliament, The European Council and the EU Commission finally agreed on the wording of the forthcoming General Data Protection Regulation, which comes into force in the EU on 25 May 2018.

The EU General Data Protection Regulation is a new legal framework on how EU countries should process personal data. To meet the requirements for data protection, your company will need to make a number of changes.

  • New EU standard for personal data
  • What is personal data?
children

The most significant changes

  • Significantly higher fines
  • Data processing agreements
  • Tougher document requirements and policies
  • Terms for agreement
  • People's right to be forgotten
  • Data portability
  • Duty to report
  • “Privacy by design” and ”Privacy by default”
  • Obligation to provide information
  • Data Protection Officer
  • Special protection for minors
search icon

Make IT your solution

  • Methodical analysis of the company's personal data
  • Analyse your personal data: The 5 Ws
  • Example: The right to be forgotten
arrow

Strategic implementation

  • Anchoring
  • Planning
  • Execution
  • Evaluation

10 implementation recommendations

We recommend that the analysis and implementation of the EU General Data Protection Regulation follows a number of best-practice methods for IT architecture.

1

Assign one or more centrally based individuals to manage the process. They should be rooted in the management and have a solid insight into the business.

2

Get an overview of the company's data, including which data you process and for what purpose.

3

Define which external systems and suppliers you exchange data with.

4

Prepare/revise data processing agreements.

5

Review current procedures for personal data, including whether the data you currently process is processed legally.

6

Make sure your data processing complies with present and forthcoming rules.

7

Set up procedures that will uncover any breaches in security.

8

Prepare internal guidelines for processing data.

9

Implement the new procedures.

10

Regular follow-up of systems and procedures (maintenance).

Our white paper describes how you and your company should be processing personal data, be it employee data in the HR department, customer data in the sales system or leads in the marketing department. It is based on tools and action plans that you will need, whether you're a manager, a specialist in a department that processes personal data, or have been given the overall task of implementing the new EU General Data Protection Regulation in your company in time for May 2018. This task can initially feel daunting if you're not used to dealing with all these areas on a daily basis. But once you have read through this white paper, you will be ready to start up a process that will turn the Regulation into practice, with the right support from relevant powers in your organisation and involvement from any external resources you might need.

Get your guide to General Data Protection Regulation (GDPR)

Download our 30 page white paper that guides you through the new Personal Protection Regulation.

Novicell and law firm Lett help you get started with putting the regulation into practice through concrete tools and action plans - regardless of your academic qualifications.

Data Protection Screen

Contributors

Adam Peter Nielsen
Adam Peter NielsenGroup CTO
Asger Laursen
Asger LaursenIT Architect
Morten Longgaard Knudsen
Morten Longgaard KnudsenGlobal CCO
Jens Hagbard Grønkjær
Jens Hagbard GrønkjærBusiness Intelligence Manager
Anne Mølgaard Brøndum
Anne Mølgaard BrøndumHR Legal Consultant
Tobias Lybech Bojesen
Tobias Lybech BojesenDigital Product Manager
Josefine Meinert Pedersen
Josefine Meinert PedersenDigital Marketing Manager

Would you like to know more?

You're always welcome to contact Novicell for a no-obligation chat about your opportunities with the EU General Data Protection Regulation.