This post is written for the practitioners out there who already now little by little want to start forming an overview of what NIS2 concretely means when NIS2 is expected to be finally adopted this year, as well as what needs to be done in order to get a method in the task solution. As you know, the most important requirements for the units [...]
Datatilsynet issued a cloud guide in Danish and English in March this year. It was not only about transfer to the USA/unsafe third countries, although one would think so from what was subsequently focused on among the wise minds. For example, it was also about knowing your final processor (where is your data?), that [...]
In a new decision, the Icelandic Data Protection Authority has ruled that a school in Reykjavík may not use a US cloud provider: “[..] all processing in the Seesaw educational system should be seized and students' data deleted after being retrieved, if applicable, to be stored within each school. ” The order comes on top of all the controversy over shipments to the US […]
Summary When you need to establish information and cyber security, you must start by assessing how much security you need and how expensive it will be to achieve in relation to your maturity. For work, you can be inspired by a well-known standard (ISO270XX, NIST SP 800-XXX, CIS18 or similar). First to […]
Most organizations (public + private) transfer personal data outside the EU. This is not least typically the case if they use services from Microsoft. But it can also easily be done through other, smaller cloud tools. Unexpectedly, decisions have begun to emerge around the EU that actually take Schrems II seriously by imposing […]
We all have to make rubber figures My youngest daughter came home from kindergarten one day and showed me a brownish figure she had made at school. The figure was a bit uninteresting as it stood on the kitchen table, but you clap as you should as a father. What the elementary school says is always right and I should not […]
For consideration: When sending targeted advertisements through Facebook, you must comply with section 3 of the Marketing Act (traders must demonstrate good marketing practice, taking into account consumers, traders and the public interest). That's what the Consumer Ombudsman says. If you still violate the rules, then Facebook must make you aware of it in accordance with the data protection rules? This may be the consequence of the following regulatory conditions […]
Brexit means Brexit. And out they came. Finally. So now we dare to write a little about what Brexit means in relation to the data protection rules. The agreement between the EU and the United Kingdom / UK states that 2020 is a transitional period in which EU rules will continue to apply in the UK. Thus see Articles 126 - 127: Article 126: There is […]
The match ended in a draw: Understandable frustrations were met by good answers. In addition to students not having to be cut out of pictures when they change schools, we were clarified once again that consent is always the worst possible legal basis. Use something else - anything else, just use something else. For example, the exercise of authority. Public authorities should simply […]
UNITAS answers the most common questions here Datatilsynets standard contract provisions as well as highlighting a number of changes. The Standard Contractual Clauses replace the Data Processor Agreement Template The Standard Contractual Clauses are a revised version of Datatilsynets data processor agreement template and is hereinafter referred to as the Provisions. Overall, it must be agreed that the Provisions are made mandatory in their full extent if you want to achieve increased security [...]
