GDPR Compliance

"Ny lov om persondata koster firmaer millioner" ("New personal data law will cost organizations millions")- Børsen 1. Feb 2017

- are all warnings about what needs to be done before 25th of May 2018, and firms are scrambling to get to grips with the situation.

 
CSA-CPH Data Protection Officer.jpg
 

EU’s General Data Protection Regulation (GDPR)  will have major implications  for most companies, but what exactly, when and to whom?  Do you need a DPO (link to article) and who shall it be? What is personal identifiable information (PII)? Where in the company  should the DPO responsibility be placed?  Many firms are without  a doubt, busy trying to answer this very question.

 

Exampels of positions

  • Master Data Manager
  • Data Governance Architect
  • Enterprise Information Architect
     
 

Case

1. Definition af DPO role:

What is a DPO? What qualifications should one poses? Should it be a lawyer or one with an IT background? Should the position be based around IT, finance or legal? How do we assess if a candidate is qualified. Which decision rights should be assigned to the DPO. These were the questions from one of our clients, after attending a DPO conference. The Client is a C20 business, with a consumer customer base, and a business model containing large amounts of data, GDPR will therefore have major implications for them, and they will need a centrally placed DPO in order adapt to the new requirements.  

We have payed close attention to GDPR since it became a reality, we have a certified DPO as well as a strong network of specialist on the field, we were therefore able to help the client in defining the role.