Security and the GDPR

The General Data Protection Regulation (GDPR) will enter into force 25 May 2018. One important principle of the regulation is that personal data shall be handled with integrity and confidentiality to ensure appropriate security of the personal data. This means for example protection against unauthorized processing and against accidental loss as well as destruction or damage.

The GDPR has tougher sanctions for noncompliance, such as liability for damage suffered as well as fines. A ‘controller’, the one who determines the purposes and means of the processing of personal data, have a responsibility to implement appropriate organizational and technical measures  to make sure there is a level of security that is appropriate to the risk. The measures can for example include pseudonymization and encryption of personal data; the ability to restore the access and availability if there is an incident; regularly testing the effectiveness of the security measure; and the ability to ensure ongoing confidentiality, availability and resilience of processing systems and services. As well as securities measures, the controller shall also take data protection measures by design and by default. Data protection by design and by default means that privacy requirement shall be a top priority and implemented in all processes, products or services by the controller – also when new services etc are developed.

With hackers constantly trying to stay one step ahead, it is important for organizations to be prepared in case they are subject to a personal data breach. A personal data breach means that there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of a personal data breach, the controller have to notify the supervisory authority without due delay and when feasible within 72 hours. The notification shall include a description of the nature of the personal data breach; the contact point where the authority can collect more information about the breach; the likely consequences of the personal data breach and the proposed or taken measures to address the personal data breach. In some cases, when the breach is likely to result in a high risk to the rights and freedoms of natural persons , the data subject shall also be notified in a clear and plain language.

For further information, please contact Ida Häggström or Niels Dahl-Nielsen

News and Insights
Blog Posts

Responsibility of online platforms and the regressive opinion of the Advocate General

08/12/2020

This blog post was written by My Byström, lawyer at Synch A comment on the opinion of the Advocate General in joined cases Youtube (C-682/18) and Cyando (C‑683/18) In December, the CJEU is expected to deliver its judgement in the joined cases Youtube and Cyando, where questions regarding the liability of platforms for user uploaded materials have […]

Press release

Synch recognised for work on landmark copyright case

30/03/2021

Innovative business law firm Synch received the Impact Case of the Year (Sweden) award at the Managing IP Awards 2021 in recognition of its work on the Telia Sverige v Warner Bros Entertainment & Ors case. The awards were presented in a virtual ceremony, which was broadcast online on March 30 2021. The decision of […]

Press release

Synch has acted as legal advisor to Slitevind AB

04/03/2021

Synch has acted as legal advisor to Nasdaq First North listed company Slitevind AB in a directed new issue of approximately SEK 43 million. The new share issue was carried out as an accelerated bookbuilding procedure together with ABG Sundal Collier. Slitevind, with its headquarter in Visby, is active in wind power production with wind […]

Blog Posts

BOLAGSSTÄMMA 2021 – HÖG TID ATT BESTÄMMA SIG!

03/03/2021

Många bolagsstyrelser har planerat sina årsstämmor sedan flera månader tillbaka. Andra har inte kommit riktigt lika långt. I det senare fallet är det hög tid att ta ställning till i vilken form man önskar genomföra årets stämma. Fortfarande gäller de tillfälliga lättnader för genomförandet av bolagsstämmor som riksdagen beslutade om under 2020 till följd av […]

News

Synch has been shortlisted for Firm of the Year– Copyright & Design

23/02/2021

Managing IP has published the EMEA shortlists for the 16th annual Managing IP Awards 2021 on March 30. We are honoured to announce that Synch has been shortlisted for “Firm of the Year – Copyright & Design”. Fantastic news for Synch and our brilliant IP team!

Press release

Synch acted as legal advisor to Insurely

19/02/2021

Synch acted as legal advisor to Insurely in connection with the company’s recently completed financing round, with Luminar Ventures as the main investor, of SEK 25 million. The company offer API services in insurance data, which enables insurers and financial companies to be able to personalize and streamline the customer journey online, optimize their pricing […]

News

Synch has been acknowledged by the World Trademark Review 1000

18/02/2021

We are proud and honoured to announce that Synch has been acknowledged by the World Trademark Review 1000: The World´s Leading Trademark Professionals for 2021! Congratulations to our lawyers Sara Sparring and Mathilda Nordmark who have received individual recognition. Mathilda for enforcement and litigation and Sara has once again, as the only Swedish lawyer, been recognised in all three categories anti-counterfeiting, enforcement & […]