All companies, organizations, and public authorities that process personal data are subject to the General Data Protection Regulation (GDPR), which was adopted in 2018. Personal data is not just information about health, political beliefs, sexual relationships, and the like; it is all information that can be attributed to a person, such as address, phone number, and email.

The EU General Data Protection Regulation (GDPR) has generated and continues to generate much discussion due to its stringent requirements and large fines, often leading to more questions than answers.

Q: Are only sensitive personal data (information about health, political beliefs, sexual relationships, etc.) covered by the new regulation?

A: No – it includes all information that can be attributed to a person, such as address, phone number, and email.

Q: Do all companies need a Data Protection Officer (DPO)?

A: No – far from it. A DPO must be appointed when the company’s core activity largely involves either regular and systematic monitoring or processing of sensitive personal data.

Q: Is a record of personal data processing necessary?

A: Yes – we recommend creating such a record to document personal data processing for the Data Protection Authority. Companies with over 250 employees must prepare the record.

Let us help answer all the other questions you may have about the EU General Data Protection Regulation and provide advice on implementing the new requirements for data controllers or processors.

We have extensive knowledge of the GDPR and advise on the legislative requirements for companies, organizations, and public authorities. Our advice focuses particularly on how the many provisions of the regulation can be implemented in practice, thereby providing value and ensuring that personal data is recorded and processed correctly. In our advice, we build on already established policies, procedures, and security measures for the protection of personal data.

