Delphi
December 11, 2015 - Sweden
The time has come to be compliant!
by Peter Nordbeck, Ulrika Block
It can hardly have escaped anyone’s attention that personal
integrity is a highly topical subject within the EU, and that the work to adapt
the existing regulations to new technical developments has been ongoing for
several years. The work on the new data protection regulation has taken a
long time but has now entered an exciting phase, after the start of the
so-called “trilogue negotiations” between the Commission, the Council and the
European Parliament over the summer. If the schedule is adhered to, a finished
text is expected to be ready at the end of the year, and the new regulations
will come into force from 2018.
The major changes as far as the handling of personal data is concerned are
expected to include more explicit rights for individuals – for example, the
right to request that personal data is deleted and the right for an individual
to be given access to his or her personal data before it is transferred to
another supplier. More explicit regulations are also expected regarding the
responsibilities of those handling personal data, primarily data protection
officers, but also data protection assistants. There are also proposals for
so-called consequence analyses (privacy impact assessments), built-in data
protection guarantees (built-in integrity/privacy by design) and the obligation
to report any incidents to the regulatory authorities. There will be
significant sanctions if a company or organisation does not comply with the
regulations.
2018 may seem a long way away, but it can take time to ensure that a company or
organisation is compliant, which is why it is a good idea to start the work
now. Much of what applies today under the Swedish Personal Data Act (PuL) will
continue to apply under the General Data Protection Regulation, and our
recommendation is therefore that you start preparing now by examining how
personal data is currently handled to ensure that you comply with the current
PuL. We at Delphi have put together a package, which we call “Delphi Data
Protection Due Diligence”, to ensure in a cost-effective and structured way
that personal data is handled in accordance with the PuL requirements. The
package includes access to complete lists of questions for data collection,
training, coaching in connection with data collection, reports with
implications for data handling and proposals for measures in the form of, for
example, policy texts, information material and agreements to ensure
“compliance”. Delphi Data Protection Due Diligence is available for a fixed
price. Please contact us so that we can tell you more!
Read full article at: http://www.delphi.se/$-1/file/artiklar/2015/1509-the-time-has-come-to-be-compliant.pdf