{"id":6307,"date":"2019-06-10T08:27:30","date_gmt":"2019-06-10T06:27:30","guid":{"rendered":"https:\/\/www.gulliksson.se\/?p=6307"},"modified":"2019-06-10T08:28:29","modified_gmt":"2019-06-10T06:28:29","slug":"one-year-into-the-gdpr-the-gdpr-requires-a-continuous-and-systematic-approach","status":"publish","type":"post","link":"https:\/\/www.gulliksson.se\/en\/one-year-into-the-gdpr-the-gdpr-requires-a-continuous-and-systematic-approach\/","title":{"rendered":"One year into the GDPR: \u201cThe GDPR requires a continuous and systematic approach\u201d"},"content":{"rendered":"

[vc_row][vc_column][vc_column_text]Greater responsibility, new documentation requirements and hefty administrative fines. These were some of the most important new provisions to be aware of when the GDPR came into force in May last year.
\n<\/strong>– GDPR efforts did not end on 25 May 2018. It\u2019s extremely important for companies to have a systematic process for continuing efforts. Data protection is a continuous process and something companies need to work on regularly, says Mirja Ekdahl<\/a>, a Gulliksson senior associate whose specializations include data protection and privacy matters. <\/strong><\/p>\n

The General Data Protection Regulation (GDPR) entered into force throughout the EU with the aim of creating a uniform and comparable level of protection for personal data. \u00a0<\/span><\/p>\n

– Although many of the provisions of the GDPR are similar to the provisions previously stipulated in our Swedish Personal Data Act, it was made very clear to companies that they needed to review and in many cases improve their procedures, says Mirja Ekdahl<\/a>, who, along with her colleagues at Gulliksson, helped clients make adjustments to ensure their business was ready for and compliant with the legislation. \u00a0<\/span><\/p>\n

– During the course of this work, we also saw an increase in awareness for how important it is to protect and respect personal privacy, Mirja Ekdahl<\/a> explains as she highlights the recurring questions she asked when advising clients: \u00a0<\/span><\/p>\n

What personal data does the company process? Does the company process sensitive personal data? How does the company process this data? Does the company process the data based on consent, performance of a contract, a legitimate interest or another legal basis? Does the company provide sufficient information when collecting the data? Does the company have an adequate level of protection for the data? <\/span><\/p>\n

– In addition to taking a holistic approach to the company’s processing of personal data, specific questions came up about details like whether it’s OK to send payslips and other sensitive information by email, says Karin Strandberg<\/a>, a Gulliksson partner whose specializations include labour law. \u00a0<\/span><\/p>\n

GDPR compliance is a must \u2013 procedures and follow-up are required
\n<\/b>The Swedish Data Protection Authority can order companies in breach of the provisions of the GDPR to pay an administrative fine. The maximum amount of this fine is EUR 20 million or four percent of the company\u2019s total worldwide annual turnover, whichever is higher. The maximum amount for less severe breaches is EUR 10 million or two percent of the company\u2019s total worldwide annual turnover. \u00a0<\/span><\/p>\n

– Being hit with an administrative fine has an impact that goes beyond the money \u2013 it creates badwill for the company. Although the Swedish Data Protection Authority has not yet ordered any administrative fines at this time, the GDPR is here to stay and compliance is a must,\u00a0 says Mirja Ekdahl<\/a>. \u00a0<\/span><\/p>\n

Gulliksson provides ongoing support and advice
\n<\/b>In addition to reviewing your processing of personal data and your data protection, Gulliksson can ensure that you are fully compliant and draft procedures and compliance documents. Feel free to contact Gulliksson for a no-obligation meeting to discuss your company\u2019s continuing GDPR efforts and specific needs. <\/span><\/p>\n

Mirja Ekdahl, Senior Associate, Malm\u00f6
\n<\/span>+46 (0)70-513 13 70
\n<\/span>mirja.ekdahl@gulliksson.se <\/span><\/p>\n

Karin Strandberg, Partner, Malm\u00f6
\n<\/span>+46 (0)70-819 06 52
\n<\/span>karin.strandberg@gulliksson.se <\/span><\/p>\n

Magnus Friberg, Partner, Lund
\n<\/span>+46 (0)73-519 59 49
\n<\/span>magnus.friberg@gulliksson.se <\/span><\/p>\n

Ulrika Nordenvik, Senior Associate, Lund
\n<\/span>+46 (0)70-203 61 00
\n<\/span>ulrika.nordenvik@gulliksson.se <\/span><\/p>\n

The GDPR \u2013 some of the most important changes that entered into force in May 2018: <\/strong><\/p>\n