Security and the GDPR

The General Data Protection Regulation (GDPR) will enter into force 25 May 2018. One important principle of the regulation is that personal data shall be handled with integrity and confidentiality to ensure appropriate security of the personal data. This means for example protection against unauthorized processing and against accidental loss as well as destruction or damage.

The GDPR has tougher sanctions for noncompliance, such as liability for damage suffered as well as fines. A ‘controller’, the one who determines the purposes and means of the processing of personal data, have a responsibility to implement appropriate organizational and technical measures  to make sure there is a level of security that is appropriate to the risk. The measures can for example include pseudonymization and encryption of personal data; the ability to restore the access and availability if there is an incident; regularly testing the effectiveness of the security measure; and the ability to ensure ongoing confidentiality, availability and resilience of processing systems and services. As well as securities measures, the controller shall also take data protection measures by design and by default. Data protection by design and by default means that privacy requirement shall be a top priority and implemented in all processes, products or services by the controller – also when new services etc are developed.

With hackers constantly trying to stay one step ahead, it is important for organizations to be prepared in case they are subject to a personal data breach. A personal data breach means that there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of a personal data breach, the controller have to notify the supervisory authority without due delay and when feasible within 72 hours. The notification shall include a description of the nature of the personal data breach; the contact point where the authority can collect more information about the breach; the likely consequences of the personal data breach and the proposed or taken measures to address the personal data breach. In some cases, when the breach is likely to result in a high risk to the rights and freedoms of natural persons , the data subject shall also be notified in a clear and plain language.

For further information, please contact Ida Häggström or Niels Dahl-Nielsen

News and Insights
Press release

Synch and FDIH have collaborated to develop a digital tool that simplifies the composition and aligning of terms and conditions of purchase

16/10/2019

Synch has developed a digital tool for FDIH (Forening for Dansk Internethandel). The tool allows e-commerce companies to effectively produce terms and conditions of purchase that comply with the legislation. 

Press release

Synch legal advisor to Reforce International AB

14/10/2019

Reforce is a global company with headquarter in Stockholm, developing the SaaS product, ReExecute™. ReExecute™ offer digitalized goal steering leading to proven financial results.

Press release

Synch has been awarded Gasell 2019

11/10/2019

When we started Synch five years ago, we dared to invest in a law firm that works in a new and challenging way, and this is clear evidence that our clients appreciate it!

News

Meet Synch in San Francisco and Silicon Valley

03/10/2019

Synch’s Niels Dahl-Nielsen, Daniel Kiil and Josefin Skyttedal are going to San Francisco from October 7-11.

News

TechBBQ: ESTABLISHING YOUR BUSINESS IN THE NORDICS AND NORDIC CULTURE

17/09/2019

Synch is hosting the second panel session on Thursday, September 19, from 13:00-14:30 at the TalkBBQ stage. Join Synch at this panel discussion where an expert panel of entrepreneurs and legal advisors will debate a variety of dilemmas that startups and investors face.

News

The founders of Hiper is joining TechBBQ

16/09/2019

The founders of Hiper, Simon Lester Skals, Stig Myken and Nicolai Lamborg, is joining the TechBBQ stage on September 18 from 11:30-13:00.