It generally creates a lot of confusion as to whether it is permissible to use images and videos of employees on the website, on the intranet and in marketing campaigns. We highlight the rules here. The employer's website As an employer, you can easily publish the employee's name, work areas and contact information. The basis for processing in these cases will be the data protection regulation's article 6, subsection 1, letter f (for [...]
The Data Protection Act is proposed to be amended on four points effective from 1 January 2024: Children and social media The background of the bill: On 29 June 2022, the then government set up an expert group on tech giants, which aims to support the government's work in dealing with issues, which is connected to the tech-giant agenda in a national and international perspective. The expert group recommends […]
How does GDPR compliance differ for large and small businesses? Datatilsynet has just launched a "GDPR universe for small businesses" - but what really is the difference between whether you are a large or small business when it comes to complying with the rules in GDPR. The guide generally consists of 7 points: GDPR universe for small businesses (datatilsynet.dk) […]
Datatilsynet is now following in the footsteps of other regulatory authorities and declaring the use of Google Analytics virtually illegal in terms of GDPR compliance. It has stirred up the past week, and it can be difficult to find out what to do, including what options there are to continue with GA, [...]
This post is written for the practitioners out there who already now little by little want to get an overview of what NIS2 actually means when NIS2 is expected to be finally adopted this year, as well as what needs to be done in order to get a method in the task solution. As you know, the most important requirements for the units [...]
Datatilsynet issued a cloud guide in Danish and English in March this year. It was not only about transfer to the USA/unsafe third countries, although one would think so from what was subsequently focused on among the wise minds. For example, it was also about knowing your final processor (where is your data?), that [...]
In a new decision, the Icelandic Data Protection Authority has ruled that a school in Reykjavík may not use a US cloud provider: “[..] all processing in the Seesaw educational system should be seized and students' data deleted after being retrieved, if applicable, to be stored within each school. ” The order comes on top of all the controversy over shipments to the US […]
Summary When you need to establish information and cyber security, you must start by assessing how much security you need and how expensive it will be to achieve in relation to your maturity. For work, you can be inspired by a well-known standard (ISO270XX, NIST SP 800-XXX, CIS18 or similar). First to […]
Most organizations (public + private) transfer personal data outside the EU. This is not least typically the case if they use services from Microsoft. But it can also easily be done through other, smaller cloud tools. Unexpectedly, decisions have begun to emerge around the EU that actually take Schrems II seriously by imposing […]
"UNITAS has taken up simulated answering of the questions towards some existing customers, and can conclude that with that the customers work with UNITAS has done, it enables them to correspond practically to a 12-figure throughout. ” UNITAS have requested insight into Datatilsynets (DT) questioning framework that is used against […]
