When we open a bank account, book a flight or sign up for a social network, we hand over personal information such as; name, address, CPR and credit card.

What happens to all that data? How long is it stored? Who has access? What rights do we have if others gain access to them? What is the consequence if this data is not handled properly?

The purpose of the EU's Personal Data Regulation (GDPR – General Data Protection Regulation) is to ensure answers to the above questions. It reinforces personal rights, increases requirements for data protection, creates consistent rules and introduces significant penalties for non-compliance.

Many companies have postponed dealing with the regulation due to doubts about how the regulation will be implemented in Denmark in practical terms. But we recommend allocating resources to a GDPR project and starting the work. The amount of work varies from company to company and therefore it is important to get an insight into the scope, so that the work can be started towards the deadline of 25 May 2018.

At Supporters, we are in the process of clarifying our role and responsibility towards you, as a partner (customer). As your external IT department, we are also in the process of preparing some instructions and guides. Therefore, we recommend meeting at the start of the new year so that we can discuss how we can help meet the requirements of the GDPR.

We've attached some great links to get you started on understanding GDPR:

The IT branch's checklist – link.

Bird&Bird's introduction to GDPR – link.

GDPR in its raw form – link.