Security and the GDPR

The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. One important principle of the regulation is that personal data shall be handled with integrity and confidentiality to ensure appropriate security of the personal data. This means, for example, protection against unauthorized processing and against accidental loss as well as destruction or damage.

The GDPR has tougher sanctions for noncompliance, such as liability for damage suffered as well as fines. A ‘controller’, the one who determines the purposes and means of the processing of personal data, has a responsibility to implement appropriate organizational and technical measures to make sure there is a level of security that is appropriate to the risk. The measures can, for example, include pseudonymization and encryption of personal data; the ability to restore access and availability if there is an incident; regularly testing the effectiveness of the security measures; and the ability to ensure ongoing confidentiality, availability and resilience of processing systems and services. As well as security measures, the controller shall also take data protection measures by design and by default. Data protection by design and by default means that privacy requirements shall be a top priority and implemented in all processes, products or services by the controller, including when new services etc. are developed.

With hackers constantly trying to stay one step ahead, it is important for organizations to be prepared in case they are subject to a personal data breach. A personal data breach means that there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of a personal data breach, the controller has to notify the supervisory authority without undue delay and, when feasible, within 72 hours. The notification shall include a description of the nature of the personal data breach; the contact point where the authority can collect more information about the breach; the likely consequences of the personal data breach; and the proposed or taken measures to address the personal data breach. In some cases, when the breach is likely to result in a high risk to the rights and freedoms of natural persons, the data subject shall also be notified in clear and plain language.

For further information, please contact Ida Häggström or Niels Dahl-Nielsen
