It generally creates a lot of confusion as to whether it is permissible to use images and videos of employees on the website, on the intranet and in marketing campaigns. We highlight the rules here. The employer's website As an employer, you can easily publish the employee's name, work areas and contact information. The basis for processing in these cases will be the data protection regulation's article 6, subsection 1, letter f (for [...]
The Data Protection Act is proposed to be amended on four points effective from 1 January 2024: Children and social media The background of the bill: On 29 June 2022, the then government set up an expert group on tech giants, which aims to support the government's work in dealing with issues, which is connected to the tech-giant agenda in a national and international perspective. The expert group recommends […]
“It is a very important judgment because it helps to determine the practice for the level of fines for private companies. This case will be squinted when deciding similar cases in the future. And we are satisfied that the Eastern High Court broadly agrees with our original assessment of the level back from 2020.” The quote [...]
Jacob George Naur
Background The IT contract began, widely regarded in the 90s, as a means of describing the delivery of services that the responsible parties at the parties did not have much experience with or technical insight into. Therefore, the first IT contracts were extensive, wordy and difficult to negotiate in place. Then came the cloud wave. The IT contract narrowed down to describing price and [...]
This post is written for the practitioners out there who already now little by little want to get an overview of what NIS2 actually means when NIS2 is expected to be finally adopted this year, as well as what needs to be done in order to get a method in the task solution. As you know, the most important requirements for the units [...]
Datatilsynet issued a cloud guide in Danish and English in March this year. It was not only about transfer to the USA/unsafe third countries, although one would think so from what was subsequently focused on among the wise minds. For example, it was also about knowing your final processor (where is your data?), that [...]
In a new decision, the Icelandic Data Protection Authority has ruled that a school in Reykjavík may not use a US cloud provider: “[..] all processing in the Seesaw educational system should be seized and students' data deleted after being retrieved, if applicable, to be stored within each school. ” The order comes on top of all the controversy over shipments to the US […]
Summary When you need to establish information and cyber security, you must start by assessing how much security you need and how expensive it will be to achieve in relation to your maturity. For work, you can be inspired by a well-known standard (ISO270XX, NIST SP 800-XXX, CIS18 or similar). First to […]
Most organizations (public + private) transfer personal data outside the EU. This is not least typically the case if they use services from Microsoft. But it can also easily be done through other, smaller cloud tools. Unexpectedly, decisions have begun to emerge around the EU that actually take Schrems II seriously by imposing […]
We all have to make rubber figures My youngest daughter came home from kindergarten one day and showed me a brownish figure she had made at school. The figure was a bit uninteresting as it stood on the kitchen table, but you clap as you should as a father. What the elementary school says is always right and I should not […]