ADVANCED TERMS – IT contracts and GDPR, NIS 2 and DORA
Background: The IT contract began, broadly speaking in the 90s, as a means of describing the delivery of services that the people responsible at the parties did not have much experience with or technical insight into. The first IT contracts were therefore extensive, wordy and difficult to negotiate. Then came the cloud wave. The IT contract narrowed down to describing price and [...]
OpenAI / ChatGPT and other open AI platforms
Since ChatGPT's launch in November 2022, artificial intelligence has been on everyone's lips. The technology has opened up a world of possibilities. But is there something that you, as managers in your organization, should be aware of? Of course there is. We have summarized the most important points below. AI, especially advanced Large Language Models (LLMs) such as […]
GDPR – Data Protection for Small Businesses
How does GDPR compliance differ for large and small businesses? Datatilsynet has just launched a "GDPR universe for small businesses", but what really is the difference between being a large and a small business when it comes to complying with the rules in GDPR? The guide generally consists of 7 points: GDPR universe for small businesses (datatilsynet.dk) [...]
Google Analytics – illegal! What now?
Datatilsynet is now following in the footsteps of other regulatory authorities and declaring the use of Google Analytics virtually illegal in terms of GDPR compliance. It has caused a stir over the past week, and it can be difficult to find out what to do, including what options there are to continue with GA, [...]
NIS2: We have mapped the requirements to the relevant standards
This post is written for practitioners who already want to start building an overview of what NIS2 actually means, now that NIS2 is expected to be finally adopted this year, and of what needs to be done to approach the task methodically. As you know, the most important requirements for the entities [...]
How to find out if you have enough IT security: The value of a CIS Controls analysis
As a company, you must comply with existing and future laws, guidelines and other requirements for IT security. Among other things, you must be prepared for cyber attacks. You may already have been hit by successful attacks, so you know what that means. Insurance often also requires secure IT. All in all, one can […]
Lightning analysis: Datatilsynet enforces its cloud guidance
Datatilsynet issued a cloud guide in Danish and English in March this year. It was not only about transfers to the USA/unsafe third countries, although one would think so from what the wise minds subsequently focused on. For example, it was also about knowing your final processor (where is your data?), that [...]
Comment: Icelandic ban on cloud in the USA
In a new decision, the Icelandic Data Protection Authority has ruled that a school in Reykjavík may not use a US cloud provider: “[..] all processing in the Seesaw educational system should be seized and students' data deleted after being retrieved, if applicable, to be stored within each school.” The order comes on top of all the controversy over transfers to the US […]
Drop the scare campaign: IT security only works with common sense
Summary: When you need to establish information and cyber security, you must start by assessing how much security you need and how expensive it will be to achieve in relation to your maturity. For this work, you can draw inspiration from a well-known standard (ISO270XX, NIST SP 800-XXX, CIS18 or similar). First to […]
Schrems II: You still probably don't have to do anything yet
Most organizations (public + private) transfer personal data outside the EU. This is typically the case, not least if they use services from Microsoft. But it can also easily happen through other, smaller cloud tools. Unexpectedly, decisions have begun to emerge around the EU that actually take Schrems II seriously by imposing […]