Security and the GDPR

The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. One important principle of the regulation is that personal data shall be handled with integrity and confidentiality to ensure appropriate security of the personal data. This means, for example, protection against unauthorized processing and against accidental loss, destruction or damage.

The GDPR has tougher sanctions for noncompliance, such as liability for damage suffered as well as fines. A ‘controller’, the one who determines the purposes and means of the processing of personal data, has a responsibility to implement appropriate organizational and technical measures to make sure there is a level of security that is appropriate to the risk. The measures can, for example, include pseudonymization and encryption of personal data; the ability to restore access and availability if there is an incident; regular testing of the effectiveness of the security measures; and the ability to ensure ongoing confidentiality, availability and resilience of processing systems and services. In addition to security measures, the controller shall also take data protection measures by design and by default. Data protection by design and by default means that privacy requirements shall be a top priority and implemented in all processes, products or services by the controller, including when new services etc. are developed.

With hackers constantly trying to stay one step ahead, it is important for organizations to be prepared in case they are subject to a personal data breach. A personal data breach means that there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of a personal data breach, the controller has to notify the supervisory authority without undue delay and, where feasible, within 72 hours. The notification shall include a description of the nature of the personal data breach; the contact point where the authority can collect more information about the breach; the likely consequences of the personal data breach; and the measures taken or proposed to address the personal data breach. In some cases, when the breach is likely to result in a high risk to the rights and freedoms of natural persons, the data subject shall also be notified in clear and plain language.

For further information, please contact Ida Häggström or Niels Dahl-Nielsen.
