Our data protection team
Compliance projects with data controllers and data processors
We have implemented GDPR compliance in a number of large, medium-sized and small Danish and international businesses, adjusted to the specific needs of each business.
We have developed the Integra ShareFile Solution; a tool to help customers set up clear compliance documentation, which both we and our customers can access and interact from. This means that the compliance work is carried out in close contact with the customer and the customer’s business.
Data processing agreements and inspections/audits
We are very experienced in drafting and negotiating data processing agreements and with the inspection of data processors and sub-processors.
Data protection in employment (HR)
The area of data protection law that is relevant to nearly all businesses, authorities and organisations is the HR area. The interface between the data protection rules and the labour employment rules, including collective agreements etc., is something that everyone should keep in mind.
We assist businesses, authorities and organisations in their handling of information about applicants, employees and former employees.
Furthermore, we assist with the drafting of IT policies, internal education and compliance with the duty of disclosure in employment contracts.
The Danish Data Protection Agency has produced a guide related to employment matters that can be found here.
Handling of data breaches
We are very experienced with the handling of data breaches, including reporting and subsequent correspondence with the Danish Data Protection Agency. By virtue of our IT qualifications we have drafted useful policies for e.g. disaster recovery etc. and tools to keep a safety log, for risk evaluation in relation to safety breaches etc.
Data protection and marketing
Marketing is often closely related to data protection and GDPR.
Our team has many years of experience with marketing and the interface with GDPR.
We advice businesses, authorities and other organisations about marketing, and we focus very much on online/data-driven marketing, the use of custom audience, data science, data management etc.
Assistance to data protection officers (DPOs)
We have developed the concept DPO BackOffice, which is a subscription-based telephone hotline for assistance regarding GDPR etc.
The concept is aimed at businesses, authorities and other organisations’ internal advisors, including also data protection advisors (DPOs).
Rights of data subjects
The rights of data subjects and their handling is very much in focus with the European supervisory authorities.
The purpose of the rules regarding handling of the rights of data subjects is to clarify towards the data subjects who processes their information and for which purposes and what the information is used for. These rules furthermore grant the data subject certain rights. These rights are based on the principle of the personal data regulation regarding transparency in connection with the processing of personal data.
In this connection it is important that the data controller keeps in mind that some of the rights of the data subjects must be automatically observed by the data controller, while others must be observed upon request from the data subject.
We assist businesses, authorities and organisations with their handling of the rights of data subjects, including by drafting usable and clear procedures and solutions.
Processing of health data etc.
In addition to the general data protection rules, our data protection team has a thorough insight into the special legislation relating to GDPR, including also in relation to health data.
Assistance in connection with inspection and/or correspondence with the Danish Data Protection Agency
We have assisted a large number of data controllers and data processors in connection with inquiries from the Danish Data Protection Agency, and our data protection team is very experienced with inspections and any matters related thereto.
Sufficient technical and organisational security measures
Integra Law Firm specialises in IT, tech and software, and our data protection team and the team in general have many years of experience with IT security. We assist businesses, authorities and organisations establishing a sufficient security level and ensuring the relevant procedures for handling of security breaches, procedures for setting up a sufficient security level etc.
In addition, we provide assistance with risk and impact assessments.
Furthermore, the Danish Data Protection Agency has issued notes of guidance regarding:
Transfer of data to countries outside the EU/EEA (third countries), including also intra-group transfers.
When data controllers request to transfer information to countries outside the EU/EEA, so-called third countries, certain requirements must be complied with. The same applies when data processers use so-called sub-processors established outside the EU/EEA.
When information is transferred to third parties, it must be considered whether the four essential safeguards are present.
We assist businesses, authorities and other organisations to ensure that a sufficient basis for the transfer exists.
As a result of Brexit, Great Britain will become a third country.
We will assist you in determining whether it will have any impact to you, as well as we will help you with a contingency plan.
The notes of guidance regarding transfer of information to third countries of the Article 29 Group can be found here.
The Danish Data Protection Agency’s notes of guidance regarding transfer of information to third countries can be found here.
The six “W” questions
Data processing record template
Security log (no risk assessment)
Security log including risk assessment
Tools for Article 32 assessments
Template for an annual wheel
Procedure for handling the rights of data subjects
Analysis tool for HR
Stand-alone statement of confidentiality/NDA
Contact us for prices of our tools
We offer different workshops, which we also use in connection with the implementation of our solutions. Contact us for more information.
Presentations and training
You will often meet our data protection team in connection with presentations and relevant arrangements.
Our data protection team is often booked for internal training and presentations, as well as Integra Law Firm also offers after-work meetings etc.
We acts as DPO for businesses and we also provide hotline solutions for data protection officers and others who are responsible for data protection/GDPR with businesses, organisations and authorities.