Security and the GDPR

The General Data Protection Regulation (GDPR) will enter into force 25 May 2018. One important principle of the regulation is that personal data shall be handled with integrity and confidentiality to ensure appropriate security of the personal data. This means for example protection against unauthorized processing and against accidental loss as well as destruction or damage.

The GDPR has tougher sanctions for noncompliance, such as liability for damage suffered as well as fines. A ‘controller’, the one who determines the purposes and means of the processing of personal data, have a responsibility to implement appropriate organizational and technical measures  to make sure there is a level of security that is appropriate to the risk. The measures can for example include pseudonymization and encryption of personal data; the ability to restore the access and availability if there is an incident; regularly testing the effectiveness of the security measure; and the ability to ensure ongoing confidentiality, availability and resilience of processing systems and services. As well as securities measures, the controller shall also take data protection measures by design and by default. Data protection by design and by default means that privacy requirement shall be a top priority and implemented in all processes, products or services by the controller – also when new services etc are developed.

With hackers constantly trying to stay one step ahead, it is important for organizations to be prepared in case they are subject to a personal data breach. A personal data breach means that there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of a personal data breach, the controller have to notify the supervisory authority without due delay and when feasible within 72 hours. The notification shall include a description of the nature of the personal data breach; the contact point where the authority can collect more information about the breach; the likely consequences of the personal data breach and the proposed or taken measures to address the personal data breach. In some cases, when the breach is likely to result in a high risk to the rights and freedoms of natural persons , the data subject shall also be notified in a clear and plain language.

For further information, please contact Ida Häggström or Niels Dahl-Nielsen

News and Insights
Press release

Mathilda Nordmark and Sara Sparring received excellent feedback in the World Trademark Review

Yesterday

Congratulations to Sara Sparring, Mathilda Nordmark and the Trademark-team for the excellent feedback from trademark specialist on the market. The WTR 1000 is the only guide exclusively dedicated to identifying the world’s leading trademark legal services providers. In WTR 1000 2020 Synch is highlighted as: “If you’re looking for a modern and technology-focused firm, Synch […]

Blog Posts

The Consumer’s Right of Withdrawal

14/02/2020

This blog post was written by Veronica Uddsten, lawyer at Synch Businesses compete not only with their goods and services but also with their sales terms. By giving customers e.g. the possibility to return products if not satisfied, companies may become more attractive. In this blog post in our series on consumer protection, we will examine […]

Press release

Synch advises Greenstep on its first International expansion

12/02/2020

Synch is happy to announce that Greenstep has expanded its business to Sweden. Synch acted as legal advisor to Greenstep OY in connection with the expansion. Starting the Swedish business was possible through the acquisition of Melin & Worge Ekonomibyrå. The team today consist of ten people  with the ambition to double the team during […]

News

Sara Sparring is named in the 2020 edition of WIPR Leaders

05/02/2020

We are delighted Synch´s Sara Sparring is named in the 2020 edition of WIPR Leaders . Profiling the leading IP practitioners from around the world, All Leaders were chosen after a four month nomination process, in which WIPR sought views from 12,000 IPprofessionals. You can view the online directory here.

Blog Posts

Order in the Order Process

31/01/2020

This blog post is written by Veronica Uddsten, lawyer at Synch You may be at a point where you have identified a great offering to consumers, and now you are faced with the challenge of putting together an online shop through which consumers can take part of such offering. This leads to the questions what to keep […]

Publications Publikationer

Lyssna på Plånboken om piratkopior, aktörerna bakom piratkopiorna och riskerna med att köpa piratkopierade produkter i P1, SR Play

29/01/2020

En av Synchs grundare, advokat Sara Sparring (ordförande i SACG) i Sveriges Radio P1 ”Plånboken” om piratkopior, aktörerna bakom piratkopiorna och riskerna med att köpa piratkopierade produkter. Lyssna här