Do you remember what happened on May 25, 2018?
That was day GDPR came into effect and a new set of requirements for organizations' processing, retention of personal data and documentation became part of the agenda.
On the 2nd anniversary of the EU’s General Data Protection Regulation, the privacy team at our partner, Plesner, prepared a special newsletter in which they cover the first two years of GDPR.
In the newsletter, they have also collected important verdicts from The Danish Data Protection Agency since May 25, 2018.
They go through the following cases:
- TAXA 4x35 reported to the police for failing to comply with GDPR's data minimization and deletion rules
- ID Design reported to the police
- Critic of Pandora for using ID Validation when receiving requests from registered users
- Insight at DSB
- Jobteam reported to the police for deleting information covered by insights request
- TDC and their data minimization
- Rejsekort A/S' injunction
- Violation of personal data security at PFA Pension
- BEC discloses protected address information
- Gladsaxe and Hørsholm Municipality reported to the police for inadequate treatment security
- Supervision of therapists in Randers Municipality
We can learn a great deal from these cases, and they show us that there are many areas of the Personal Data Protection Regulation that individual companies, organizations, and public institutions must deal with to achieve compliance.
If your organization is still struggling to reach the goal of your GDPR work, then it is not a wonder. Working with GDPR is an ongoing process where you, as a data controller, must be able to handle and document the processing of personal data in accordance with the ules.
It also means that once you comply with the rules, your work on governance begins. Here, for example, controls and reassessments must ensure that continuous compliance work is carried out.
And that can be quite a mouthful to swallow.
In retrospect, Michael Hopp recognizes this when he writes:
“Data protection is an area that is constantly evolving. The flow of new verdicts and rulings is continuous, and the bar for GDPR compliance continues to be raised. In other words, the work on the Personal Data Protection Regulation is comprehensive and legally complicated.”
Get help to comply with GDPR
In collaboration with Plesner, we have developed a GDPR software solution that can help and guide your organization when managing, controlling, and documenting your compliance efforts.
This makes working with GDPR easier and far more manageable.
Read about our GDPR solution here.