EU’s General Data Protection Regulation (GDPR): Next step: DFDS to develop data protection solutions

As of 25 May 2018, DFDS must comply with EU’s new data regulation that aims to protect individuals against misuse of personal data compiled by companies and organisations about us all.

Personal data means any information that can be used to identify an individual directly or indirectly. This includes online identifiers such as IP addresses and cookies when they can be linked back to an individual. “And it is vital that we comply with the regulation. For DFDS, the fines for breaking the rules could amount to as much as EUR 75 million,” says Gunnar Hansen, Program Manager, IT.

Using insights for developing solutions
In preparation for the compliance work, Gunnar Hansen has been coordinating the efforts to map out the way we process personal data in the various business areas.  “We now have the insights we need to develop systems, procedures and controls to comply with the rules. Moreover, we will be able to document and demonstrate that we only collect the necessary data for specific purposes and that we only store the data for as long as we need to. We can also show that we treat the data in a secure and confidential manner, respecting the rights of all individuals,” he says.

What departments must do
All departments and business units must ensure that they comply with the requirements, including documenting the personal information they register about people. They must also understand DFDS’ obligations. Most importantly, departments and business units must arrange training for staff in cooperation with the GDPR team and formulate a Data Protection Procedure for their business area. This procedure must also cover external parties. See the full list of your tasks here

What the GDPR teams will deliver
The GDPR Core Team will support the departments in their compliance work; and furthermore, deliver the tools to search – upon requests – for personal information across mailboxes and network data folders, run tests, define roles and arrange e-learning and other types of training and awareness campaigns.

IT is responsible for monitoring abnormal system activity from a security point of view, for writing IT security policies and procedures and for building and training DFDS’ Computer Security Incident Response Team from Group IT. They will handle security emergencies and information to authorities in case of personal data breaches.

Timetable
The solutions must be tested, fully implemented and in use as of 25 May.

See the GDPR organisation here

February 16, 2018