We help you to become compliant with GDPR
The General Data Protection Regulation (GDPR) is a European regulation that governs how organizations can and must process personal data. The GDPR forms the basis for protecting the privacy of persons when personal data is processed within the EU; privacy is a fundamental human right and must therefore be protected.
A basic principle is that personal data may only be processed in a legal, correct and transparent manner in relation to the data subject. The processing is lawful only if it is based on one of the permitted legal grounds, for example by consent of the data subject.
Let us advise and review your data protection work
Data protection is ongoing work and often involves dealing with tricky questions and difficult challenges, especially when it comes to changing the organization and adapting it to the law.
In the role of external adviser, we at Secify offer a number of different solutions such as project statements, review of internal and external parties, as well as in-depth advice.
Our advisors consist of specialized data protection lawyers, experienced information security advisors and IT security specialists, who, through a close exchange of skills and experience, strive to offer advice on everything from law to suitable IT security solutions.
Testimonials
“In our work with GDPR, Secify has been our partner and security. Without the knowledge that Secify possesses, we as a company would not have progressed far in the implementation of GDPR”
“As our external Data Protection Officer, Secify has helped us solve complex data protection issues. They have given advice, supported and reviewed our company’s processing of personal data in an exemplary manner. The expert competence that we get from Secify creates the conditions for continued safe data protection work in our organization.”
Some of our customers
We offer a range of different services and arrangements within the GDPR area
One of our most popular and well-liked services is the DPO (data protection officer) service, also called external data protection representative. With it, you hire one of our consultants, who works with your data protection for a predetermined number of hours every month.
Secify provides you with an independent specialist, who acts as both reviewer and advisor for your data protection work, and ensures that your business complies with the GDPR.
Privacy counsel as a Service
Secify provides you with a data protection specialist with a pragmatic approach, as well as the tools needed to drive and support your operational work with data protection.
GDPR framework
Secify supports and develops a business-adapted framework to establish or renew your data protection organization.
Secify analyzes your existing data protection work to check the level of compliance.
Cookie-audit
We examine your organization’s website and ensure that the correct information about cookies is available and that cookies are handled correctly, in accordance with existing legal requirements.
Supplier audit (Privacy)
Secify supports you in reviewing and checking existing, but also new suppliers who may process personal data for your business.
Training
We also carry out training efforts in both basic and more advanced areas linked to data protection, as well as advice on specific issues such as DPIA, contract review, procurement and more.
FAQ
Here are answers to the most common questions about GDPR. Do you have a question that is not listed? Use the contact form further down the page.
No, not necessarily. A data protection officer can be an employee, but the function can also be filled by an external party, such as a consultant.
No, there are no explicit requirements that the data protection officer must have a law degree. However, the data protection officer must have good knowledge of data protection, good expertise in the business and sufficient resources for their mission.
Yes in theory, but the Data Protection Officer must be able to work independently, without being influenced by others within the organization. It is therefore important that the data protection officer does not have other tasks that may conflict with the role of data protection officer.
It is possible within groups and also for independent companies. What is required is that the data protection officer must be able to put in the resources required to reach what is prescribed in the GDPR’s articles. This also applies to public organisations.
The data protection officer must:
- Advise on impact assessments
- Be the contact person for the country's authority for Privacy Protection
- Be the contact person for the data subjects and the staff within the organization
- Cooperate with the authority for Privacy Protection, for example during inspections.
The data protection officer has no personal responsibility for the organization’s compliance with the data protection regulation. That responsibility always rests with the data controller or with the data processor. The data controller may also not punish the data protection officer for having performed his duties.
Unlike a DPO, the DOM has a more operational role.
The external representative’s advantages are that the person usually brings skills from several organizations and knowledge of current practices. An external representative is also not bound by any place in the organizational hierarchy and does not risk being limited in practice because of this.
No, it is important that the data protection officer is objective in his task. For example, it is not appropriate for the data protection officer to sit in the organization’s management or to be involved in making strategic decisions about the core business that includes personal data processing.
Yes, a group can act as a data protection officer, but an appointed contact person is always required.
The data protection officer needs to register with the authority that handles privacy and GDPR questions in their country.
Yes, the fact is that the supervisory authority encourages all organizations to appoint a data protection officer. This is to be able to communicate more easily when necessary with the supervisory authority, as well as to organize the work with data protection.
The short answer is yes. Organizations that are obliged by law to have a data protection officer (for example government agencies, or socially important actors), may receive sanctions if they have not employed or alternatively implemented a data protection officer function.
No, not all organizations are required by law to have a data protection officer, but almost all must comply with the GDPR. It can therefore be of great value to a business to have someone who ensures that the ordinance is followed.