Personal Data Protection
Our expertise includes:
- Compliance programmes
- Mapping of personal data
- Gap analyses
- International data transmissions, including BCR
- Breach of data protection
- Whistleblower schemes
- Processing of employee information
- Data protection in marketing campaigns
- Customer data and business transfer
- Data protection law, due diligence procedures
- Data processor agreements
- Reporting to the Danish Data Protection Agency
- Cloud computing.
How can we assist?
The General Data Protection Regulation (GDPR) (Persondataforordningen), security breaches, whistleblower schemes, collection and protection of sensitive personal data, and sector-specific legislation. Data protection law is very much in focus, and failure to observe the law may have dire consequences for enterprises and public organisations.
Our clients are Danish enterprises, international corporations with head offices or subsidiaries in Denmark, and public enterprises. We have vast experience in advising clients on the interaction between data protection law and special legislation, including the Danish Financial Business Act (lov om finansiel virksomhed), the Danish Health Act (sundhedsloven) and the Danish Marketing Practices Act (markedsføringsloven).
For many organisations, data protection compliance begins with establishing an overview of the type of personal data the organisation processes when carrying out its business procedures, i.e. mapping of personal data. As the only law firm in Denmark, we offer our own IT support for this process. With our Pactius Privacy module we offer clients a convenient, easily accessible and price-competitive solution for the challenges presented by practical compliance documentation. We have advised on data protection issues since the area became governed by Danish law, and in recent years we have assisted organisations – from C20 companies to public authorities – in their preparations for the GDPR.
We can help you ensure that you comply with current legislation for instance by conducting a data protection pre-analysis identifying your current compliance level, performing a gap analysis relative to the requirements of the GDPR, and offering specific advice on which steps to take in the areas where they are needed.
We also offer DPO training for organisations that are obligated to or voluntarily appoint a DPO. This training is also useful for organisations that are not required to have a DPO but want one of the most in-depth data protection courses on the market.
In step with the vast digital and online development taking place on a global scale, protection of personal data has become increasingly important. Many enterprises and public authorities find that the provisions of data protection law are complex, restrictive and difficult to implement in practice. Particularly large challenges are faced by international corporations, which must comply with the laws of multiple countries and establish a uniform level for its processing of personal data.
The new GDPR becomes effective on 25 May 2018, replacing the current personal data directive and thus the Danish Personal Data Processing Act (persondataloven). The GDPR imposes stricter requirements on organisations as data controllers and as data processors – and the sanctions for violation are markedly sharpened for private enterprises. Fines may be of up to EUR 20m or 4 percent of the corporation's global annual revenue.
Read our publication about Pre-Audit