The Personal Data Compliance Package

You get assistance in complying with the basic personal data requirements, such as information to be provided, maintaining records, IT security policy, rules on erasure, and data processing agreements.

Basically, the Danish Data Protection Act and the General Data Protection Regulation imply to keep check on the following:

  • Records of processing activities
  • Compliance with the duty of disclosure to data subjects
  • Data processing agreements with third parties of relevance
  • Security of processing
  • Internal guidelines regarding erasure, email encryption, etc.

NJORD’s Personal Data Compliance Package covers these essential requirements. For example, information letters to employees and job applicants, privacy policies on websites, email policies, IT security policies and consent forms.

Based on our experience with many types of businesses, we can also handle the very basic requirements within marketing law, human resources law, and video monitoring.

The process

NJORD offers an introductory meeting with a detailed description of the product based on your specific demands and business. Subsequently, our GDPR lawyers typically study the dataflow in order to prepare the necessary documentation for personal data compliance. You receive an action plan with an overview of the scope and schedule of the assignment. Once the action plan has been implemented, and the solutions are implemented in the company, NJORD submits a final personal data compliance report with a brief description of what has been completed. The report serves as documentation of compliance with the data protection rules.

We trust that the Personal Data Compliance Package will provide you with more than compliance. You get things done, and you send a clear message to customers, employees, and business partners.

In addition to the Personal Data Compliance Package and upon assessing your specific needs, we can also assist you with the more detailed and complex parts of the GDPR, especially in terms of risk assessments, consequence analyses, email encryption, and transfers to third countries. Is it, for example, sufficient if a business partner is certified with the EU-US Privacy Shield when transferring personal data to the USA?

If you are part of a large group of companies, we can, based on our international experience, clearly state in which cases you must keep check on your personal data compliance, and in which cases your parent company must assist you.