Written by: Økland
How will the new data protection regulations affect your everyday life?
On 25 May 2018, the EU’s new General Data Protection Regulation (GDPR) enters into force. All residents of the EU and EEA will be given new rights and all businesses that process personal data will be given new duties. In connection with this, Advokatfirmaet Økland & Co DA will arrange a breakfast seminar on 19 January at which we will spend 45 minutes covering the most important aspects of the GDPR that you should be aware of.
The GDPR defines personal data as “any data about an identified or identifiable person”. The definition covers all data that could be linked to an individual. This includes name, address, vehicle registration number, telephone number and e-mail address. Data that you may not immediately think of as personal data is also covered, such as behaviour patterns, IP addresses and head shape (facial recognition).
In order to process personal data in line with the requirements set down in the GDPR, the business must have a legal basis for such processing. For private businesses, the most practical legal basis will be either that the processing of personal data is necessary to fulfil an agreement with the individual to whom the data relates, or that individual's consent.
The GDPR also introduces other duties for both the data controller and the data processor. Direct duties are new for the data processor, as data processors were previously given duties only through the agreement with the data controller. The GDPR also introduces requirements concerning the content of data processing agreements.
The GDPR also introduces a number of changes to the data protection regulations, including:
- Many businesses must appoint data protection officers.
- Anyone who processes personal data must provide clear and easy-to-understand information about how the data is processed.
- Everyone must assess the risks associated with a measure in terms of people’s rights and freedoms.
- “Privacy by design” is introduced. This means that all new solutions must be designed in the most privacy-friendly way possible. The most privacy-friendly configuration must also be the default.
The GDPR also introduces increased fines for violation of the data protection regulations. Fines can be up to EUR 20,000,000 or 4% of total global turnover, whichever amount is higher. This means that there could be critical consequences if a business fails to comply with the requirements set down in the GDPR.
We can help with this. Join our breakfast seminar on 19 January 2018 or get in touch with one of our lawyers within the field of privacy.