If your business is not yet completely familiar with the new data protection rules under the General Data Protection Regulation, the so-called ”PrivacyCompass” may help.
The Danish Data Protection Agency and the Danish Business Authority recently launched a new version of the PrivacyCompass. The PrivacyCompass is an online test where businesses by answering 23 questions can check what they already know about the GDPR and in what areas extra efforts are needed to prepare for and en-sure compliance with the new data protection rules.
The GDPR will enter into effect in less than three months, and it is therefore a good idea to size up the situation and assess what needs to be done in order to comply with the GDPR.
You can test your business here (in Danish only).
The content of the above is not, and should not be a substitute for legal advice.
Must the Data Protection Agency be notified in case of an “internal” personal data breach?
The Data Protection Agency has expressed criticism of a municipality, inter alia, because the municipality had failed to notify a personal data breach to the Agency or communicate the breach to the affected employee.
Access to work emails? Can a request to access data be too extensive?
Under the GDPR, a data controller must provide a data subject with access to all personal data which the data controller processes about him or her, if the data subject requests it. However, the data controller may refuse to act on such a request if, for example, the scope of the request for access is excessive.