Security and the GDPR

The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. One important principle of the regulation is that personal data shall be handled with integrity and confidentiality to ensure appropriate security of the personal data. This means, for example, protection against unauthorized processing and against accidental loss, destruction or damage.

The GDPR has tougher sanctions for noncompliance, such as liability for damage suffered as well as fines. A ‘controller’, the one who determines the purposes and means of the processing of personal data, has a responsibility to implement appropriate organizational and technical measures to make sure there is a level of security that is appropriate to the risk. The measures can, for example, include pseudonymization and encryption of personal data; the ability to restore access and availability if there is an incident; regularly testing the effectiveness of the security measures; and the ability to ensure ongoing confidentiality, availability and resilience of processing systems and services. In addition to security measures, the controller shall also take data protection measures by design and by default. Data protection by design and by default means that privacy requirements shall be a top priority and implemented in all processes, products or services by the controller, also when new services etc. are developed.

With hackers constantly trying to stay one step ahead, it is important for organizations to be prepared in case they are subject to a personal data breach. A personal data breach means that there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of a personal data breach, the controller has to notify the supervisory authority without undue delay and, when feasible, within 72 hours. The notification shall include a description of the nature of the personal data breach; the contact point where the authority can collect more information about the breach; the likely consequences of the personal data breach; and the proposed or taken measures to address the personal data breach. In some cases, when the breach is likely to result in a high risk to the rights and freedoms of natural persons, the data subject shall also be notified in clear and plain language.

For further information, please contact Ida Häggström or Niels Dahl-Nielsen
