Curious minds, start here!
< All knowledge base articles
Print

The Danish General Data Protection Regulation (GDPR)

We have built our business and solutions to support and thus comply with the Danish General Data Protection Regulation (GDPR), which came into force on May 25, 2018.

Read more on the Danish Data Protection Agency’s website.

Read more below, or click here and fill out our online contact form to book a call with one of our sales consultants.

Guide to understanding GDPR

There is a lot to get to grips with when it comes to GDPR and the new Danish General Data Protection Regulation.

We therefore also refer to this easy-to-understand guide, which is somewhat easier to get started with than sitting down and reading the legal text.

Read the easy-to-understand guide by clicking here

How we have secured our solutions

We have ensured and can guarantee via a data processing agreement that the solutions placed with us, as a 100% Danish hosting and operations provider, comply with the Danish General Data Protection Regulation, in addition to offering a solid, robust and serious framework for the operation of the same, based on the following criteria.

  • We are a Danish company with Danish owners.

  • We have technical equipment located in Danish data centers owned by Danish company(ies) with Danish ownership.

  • We are the data controller and data processor for our own company.

  • We work according to the ISO/IEC 27001 ISMS principles in our daily work.

  • We have documented our own processes and handling of sensitive personal data.

  • We offer our customers a data processing agreement when their solutions are placed with us.

  • We offer our customers a standard process description for their document management, which can be used to create a precisely tailored version per company.

  • We offer our customers a standard risk analysis and impact documentation for their overall document management, which can be used to create a precisely tailored version per company.

  • We offer our customers a data owner agreement when their solutions are placed with us.

  • We have not outsourced the handling and storage of our own company’s CPR numbers and personal data to companies abroad.

  • Our backup equipment is located in other Danish and European data centers than the Danish data center(s) where data is “produced”.

  • Our monitoring equipment is located in other Danish and European data centers than the Danish data center(s) where data is “produced”.

As you can read, we have actually taken a position on how data is placed and handled under our auspices, which should complement your company’s desire to comply with these regulations.

If you have any questions or thoughts on the above – please contact us and learn more via our help center contact form.

How to secure your own solutions

The way in which you (as a company) comply with the GDPR and the above-mentioned existing data protection regulation is by placing your data in a solution with us, where we assist you in documenting the process flow and advise you on the use of the solution.

After that, you “just” need to remember not to share people’s sensitive data with other data sources outside our solution, unless you comply with the law and the roles of data controller and data processor.

This means that according to the regulations, you are not allowed to store sensitive personal data on technical equipment in other countries, or with hosting or cloud service providers in Denmark, unless they can guarantee you via a data processing agreement that data will not come into contact with e.g. backup, servers or mail solutions outside Denmark.

It is therefore important for you (as a company) to enter into a dialog with us about how you handle your data as soon as it is placed on our equipment so that you do not suddenly end up in a situation where you (unintentionally) violate the Danish General Data Protection Regulation.

Table of Contents