Advantage Austria Show navigation

LEGAL NEWS - The new Data Protection Regulation

Logo NJORD Law Firm
18. March 2016

The European Commission proposed a draft for a new Data Protection Regulation in 2011. The content of the new Data Protection Regulation is now final, and it is expected that the Regulation will come into force in June 2016. Companies have then two years to make sure their practice and policies comply with the provisions in the Regulation. Private companies have to be aware that the Regulation will cause significant changes compared to the current state of law.

The most important changes in the new Data Protection Regulation are:

  • A tightening up of the conditions regarding consent of the person whose data will be registered.
  • Better rights for the person whose data are registered in a database.
  • A right-to-be-forgotten clause.
  • The companies’ duty to prove that they meet the rules in the Regulation (accountability).
  • A duty to inform the Danish Data Protection Office or the registered person if the company’s system is exposed to a hacker attack.
  • All public authorities and private companies have to appoint a Data Protection Officer.
  • A new “One-stop-shop” mechanism for groups of companies that are established in more than one European country.
  • Fines up to 4% of a company’s global turnover


Scope of application

The scope of the Regulation is broad and comprises all private companies and organizations and public authorities. It is therefore advisable to introduce the necessary changes already now in order to ensure to meet the new conditions when the Regulation comes into force.

TO DO’s:

  • Carry out an overall legal analysis of your company. The main purpose of the process is to clarify whether the changes of the Regulation actually have an impact on your company and if so, to identify which changes are the most important ones for your company. 
  • Identify all the personal data your company processes. It can be hard to find information about all the procedures that include the processing of personal data, but it is an important step to minimize the risk of illegal data processing and to ensure that you respect the rules of the Regulation in practice.  
  • Make sure you have a general overview of the company’s suppliers. One of the biggest risks of breaking the law occurs if your company uses an external supplier to handle the company’s personal data (data protection unit). Therefore, your company should make a thorough investigation in order to identify all suppliers with whom the company has contracts. An example could be a supplier of cloud solutions. When your company has identified all the suppliers, the next step is to renegotiate the contracts in order to ensure that all contracts contain the necessary provisions in the light of the new Data Protection Regulation.  
  • Check the accountability of the company. When the new Regulation takes effect, the responsibility for the processing of data is definitely removed from the local data protection office to the companies. To avoid a huge fine because a processing method is in breach of the Regulation, it is important that the company, as the responsible data protection unit, can prove the rules are met. 

In case of any further questions concerning the Danish Marketing Practices Act and unsolicited communication you are welcome to contact lawyer Stefan Reinel, sr@njordlaw.com and assistant attorney Sabine Glatz sag@njordlaw.com .



print
©©ADVANTAGE AUSTRIA