Are you ready for the GDPR? We’re tackling your hardest questions
As a SoMe professional, you are most likely handling personal data on behalf of your company. This is why EU’s General Data Protection Regulation (GDPR) will impact your daily work. We sat down with Niels-Dahl-Nielsen, Lawyer at Synch Law & Komfo Summit speaker, to tackle your hardest GDPR questions with cold facts and actionable tips.
What is the GDPR law and when will it come into force?
While leaving a certain scope for EU member states to implement national rules on specific areas, the GDPR replaces local data protection laws in the EU member states with a single, uniform set of rules governing the processing of personal data. The GDPR provides for a one-stop-shop mechanism, which facilitates consistent enforcement of privacy law across Europe and enhances clarity and predictability of all operations involving processing of personal data. The GDPR will be enforced as of 25th of May 2018.
“Adopt a new mindset whereby awareness of data protection is in focus in the entire organisation.”
What do I need to prepare as a company?
Companies should create an overview of their data processing activities in order to make sure to meet the requirements of the GDPR. Among these, companies must make sure to have a legal basis for their processing of personal data. Where the legal basis for the processing is the consent of the data subjects, companies must make sure that consents are collected in accordance with the requirements of the GDPR. Among other things, this means that silence as consent or pre-ticked boxes are not good enough. Furthermore, companies must make sure to have data processing agreements in place with all parties processing personal data on their behalf. Finally, data processing activities must be organised in a way that is easy and secure for the data subjects to exercise their rights and in a manner that all activities are subject to appropriate technical and organisational security measures. This means that companies must think personal data protection into the company’s whole way of doing business.
“Companies must think personal data protection into the company’s whole way of doing business.”
How will it affect the work of social media responsible?
How will it affect the work of social media responsible?
“Think data protection by design and data protection by default. Data protection by design is an organisation-wide task. Not limited to the confines of software development.”
What are your three tips for companies working with social media?
- Adopt a new mindset
whereby awareness of data protection is in focus in the entire organisation. Think data protection by design and data protection by default. Data protection by design is an organisation-wide task. Not limited to the confines of software development. - Have appropriate data processing agreements in place
with all SoMe platforms that are to be regarded as data processors. - Transparency
Be very specific towards data subjects that data processing operations of the company involves the use of data processors such as SoMe platforms.
