The dizzying pace of technical developments over the last 20 years has resulted in a greater need for data protection for private individuals. Since the decision on a new data protection regulation was made by the EU, it is above all the tough penalties that have attracted attention. But legal expert Niels Dahl-Nielsen from the law firm Synch thinks that companies should instead raise their sights and see how they can use GDPR for their benefit.
"Private individuals have now lost control of their data, and they’re not confident that they can disclose information to companies. GDPR aims to safeguard the rights of people who are registered, which means that people will be happier to disclose information."
Disclosing personal data can provide many benefits that you want as a consumer in the form of smoother transactions and better customer service. A problem arises when it is passed on to a third party or used for something you do not want.
Strong pressure on GDPR consultants
Synch has had GDPR on the agenda since the regulation was adopted. The nearer they come to the transition, the more companies are getting in touch. Many businesses are wondering what they can and cannot do, and the legal experts at Synch are busy in both Sweden and Denmark, visiting trade fairs and conferences.
"I don’t believe that everything will be in place in May. But everyone is aware and the general level of data protection will improve."
As a company, you have an opportunity to position yourself as responsible and consumer-friendly if you have done your work on the transition.
"I believe that customers will go to those who have prepared themselves, while those who hoped that they could wait will lose market shares."
In a business that processes data, all employees need to be involved and able to show how they work on this issue. One initial step is to review the data you have, what you do with it and who has access to it. Email also counts as data, and GDPR applies not only to customers, but also to suppliers and HR.
"If you’re a small company the demands aren’t as tough, but you must prepare," says Niels Dahl-Nielsen.
Legislation is the same in all member states, and he believes that this will make it easier for new business startups to grow. As a startup now, you have to familiarise yourself with data legislation in 28 countries. This is a major task that often requires extensive legal assistance. As of 25 May, there will only be one law throughout the whole EU.
In Denmark, the new regulation represents a significant tightening, and the same is true for many Nordic countries. We traditionally have a high level of trust in the population thanks to the fact that we have low levels of corruption, stable democracies and good economies. Niels Dahl-Nielsen believes that this is why we are more relaxed in our handling of personal data, as this is not something we have been forced to look out for. Many authorities are currently being criticised for not having adequate protection.
‘"We often view ourselves in Scandinavia as role models. But we’ll have to prepare for tougher controls."
As an example, the person who provided personal data must be able to send an email and quickly receive all of his or her data. In the past, customer data was often seen as something that companies own and can do more or less what they want with. Now customer data is instead something that companies have borrowed and that they may need to give back.
Regardless of whether you choose to do the inventory yourself or bring in expert help, Niels Dahl-Nielsen advises businesses not to wait for criticism, but to start now. If you have tried to do the right thing and consulted a legal expert or IT expert, this is a benefit, even though you may be forced to supplement it.
"I believe that it can be very helpful to be able to show that you have made an effort."