Publiceret: 24.05.2018Af Peter G. H. Madsen mail
The fear of enormous fines has boosted the demand for anything that can help companies get ready for the EU’s GDPR, which comes into effect on 25 May.
The internet is brimming with offers on everything from shredders to courses and consulting services for companies that do not feel that they posses the knowledge or tools necessary to comply with the new requirements for the processing of personal data.
It’s a busy time at law firm Plesner, says partner Michael Hopp.
“We’re surprised how late many people are taking action. It is all aspects of the new requirements people are asking us about,” says Michael Hopp, expert in data protection law, and adds:
“Some want us to do all the work for them. Some just want second opinions. But it’s getting a bit tight. It isn’t possible to take care of everything in just three days.”
See also: DI - You can trust Danish companies on personal data
A survey among DI’s members shows that many companies have had to look outside their own ranks to get a handle on the requirements in the new data protection laws.
In total, 30 per cent of companies say that they have either purchased consulting services and/or hired employees to ensure that they comply with GDPR.
One of the companies that has decided to bring in external consultants is Palsgaard Spær, which is Denmark’s biggest and oldest manufacturer of rafters.
“Essentially, it comes down to the fact that we do not have the competences necessary to ensure that we comply with GDPR ourselves. And since we don’t have the competences in-house, we’re forced to bring them in from outside,” says CEO Holger C. Hansen, and adds:
“Our calculations tell us that it’s cheaper to hire external help than to employ people ourselves to take care of it.”
See also: Dataprivacy - Only few companies are fully prepared
At Palsgaard Spær, they have brought in external expertise from a local law firm, which is reviewing the entire business in order to locate shortcomings in the company’s processing of personal data – and in that connection, to identify what Palsgaard Spær can do themselves and where they will have to enlist help.
“There has been a lot of hype surrounding GDPR, and it’s something we’ve spent a lot of energy on. Currently, we do not have a complete picture of its implications, but we will,” says Holger C. Hansen.
Also Jutland-based Danlaser, which manufactures and supplies industrial metal solutions, has had major focus on how the company will comply with GDPR rules. The company’s management has familiarised itself with the rules and developed a policy, which has subsequently been reviewed with the advisory board, a supplement to the board of directors.
“We now have a clear policy for how we process personal data, and we have obtained signatures from our employees to confirm that they consent to our storing of necessary personal data,” says Pia Grandelag.
According to Senior Consultant at DI, Morten Rosted Vang, it is important that companies carefully consider their needs for external support.
“It by no means all companies that require the help of consultants or lawyers to prepare for when GDPR comes into force. Naturally, there is a big difference between a big firm with several thousand employees and international sales and a smaller, more localised machine factory,” he says and adds:
“It is important, however, to note that no one can avoid dealing with personal data. It is essentially about creating a culture of better data discipline.”
With this in mind, DI has launched a comprehensive initiative to help member companies get ready. Among other things, DI has hosted a number of events, attended by over 2,000 companies in total. A special data protection website with guides and forms had also been set up, and DI’s lawyers offer legal advising and general guidance regarding GDPR.
“The goal is to reach 5,000 companies before May 25,” says Morten Rosted Vang.
It is his impression that companies now have far more focus on the processing of personal data than was the case just a few months ago.
“Earlier, many companies believed that the rules did not even apply to them. This is no longer the case. We are receiving very concrete and informed questions from member companies,” he says.
It is one thing, however, to be aware of the implications of GDPR. Complying with the requirements is a whole other story, and according to Morten Rosted Vang, it is unlikely that all companies will be ready by 25 May.
“The major challenge is to clean up data and delete the things that cannot justifiably be stored,” he says.
Partner Michael Hopp at law firm Plesner agrees with this assessment.
See also: Blog - Time to boost EU's digital IQ