Information security in supplier relationships
The IT contract is no longer just a commercial contract. Today, its primary purpose is to support the IT department's KPIs on availability – as close to 100% as possible. Therefore, it is important that you are aware of the requirements that extensive cybersecurity regulation, such as the NIS 2 implementation legislation and DORA, imposes on the terms of an IT contract. The […]
Are US tech giants the future? Is your cloud exit plan ready?
Do you have a Cloud Exit Plan? With all the chaos following Trump's re-election as president and the noyb organization (none of your business) pointing out that it could soon become a very big problem to use the big US tech giants, especially in the context of GDPR, it is extra important that you have a cloud exit plan for your […]
NIS 2: Note – Who is covered in the water sector
As you know, NIS 2 applies to significant and important entities in various critical sectors, including the water sector. To be even more precise, it is the specific activities actually carried out by the entity that determine whether it is covered or not. One might even speak of a reality check when determining whether […]
Have you ensured the availability of data sufficiently in the event of an IT supplier's bankruptcy?
Have you considered what happens to your data if an IT supplier or a supplier's subcontractor (hosting supplier) goes bankrupt? Problem situation: In the event of an IT supplier's (hereafter "supplier") bankruptcy, there is a risk that you as the data owner/data controller (hereafter "data owner") cannot have your own data returned from the supplier or that return can only be realized after a […]
Cyber Security Strategy – What is it? Why should I have one? How do I get started?
In connection with new regulations such as NIS 2 and DORA, personal responsibility has been dictated for management through responsibility for cyber security. Listen to Jacob Naur briefly talk about what a cyber security strategy is, why you need one, and how to get started. You are of course very welcome to contact Jacob or a [...]
New million fine - remember to supervise your data processors
A new million fine has recently been proposed in connection with a data controller's neglect of his duty to carry out statutory supervision of his data processors. Hear our GDPR specialist and DPO Jakob Spliid briefly talk about the responsibility as a data controller in relation to the duty to supervise its data processors and about how, with guidance [...]
Whistleblower scheme: Applies from 50 employees - this is how you reach your goals
We are facing a massive further rollout of thousands of whistleblower schemes pursuant to the Act on the Protection of Whistleblowers. We have summarized the most important points from the directive, law and guidelines on the subject below, so that you have one place to look up and start your search for answers and resources. Content: 1. The management perspective: Management can either see […]
Use of employee images and video
There is generally a lot of confusion as to whether it is permissible to use images and videos of employees on the website, on the intranet and in marketing campaigns. We highlight the rules here. The employer's website: As an employer, you can easily publish the employee's name, work areas and contact information. The basis for processing in these cases will be the data protection regulation's article 6, subsection 1, letter f (for [...]
Your child's use of social media is restricted as well as three other changes to the Data Protection Act
The Data Protection Act is proposed to be amended on four points effective from 1 January 2024: Children and social media. The background of the bill: On 29 June 2022, the then government set up an expert group on tech giants, which aims to support the government's work in dealing with issues connected to the tech-giant agenda from a national and international perspective. The expert group recommends […]
High penalty level, but difficult to predict
“It is a very important judgment because it helps to determine the practice for the level of fines for private companies. This case will be squinted when deciding similar cases in the future. And we are satisfied that the Eastern High Court broadly agrees with our original assessment of the level back from 2020.” The quote [...]