Find Answers to your Questions

GDPR FAQ

GDPR stands for General Data Protection Regulation and is the European Union’s (EU) set of rules on the protection of all individuals’ personal data. Businesses, amongst others, are obligated to comply with the requirements set out in the Regulation, e.g., to have a legal basis for processing, to inform the individuals concerned about the processing, to ensure fundamental rights, and to make sure that there is a basis for the transfers of personal data.

As a main rule, the GDPR covers all types of personal data. In general, a distinction is made between general personal data (e.g., name, e-mail address, address, etc.), special categories of personal data (e.g., health, racial or ethnic origin, etc.), and data on criminal offences and convictions.

The GDPR applies when a public authority, a business, an individual, etc., processes personal data on individuals, regardless of where the public authority, business, or individual is located, or where the data processing takes place.

The GDPR Solution provides tools and resources to help businesses streamline compliance efforts, including data inventory and mapping, consent management, management of data subjects’ rights, breach notification capabilities, and help with documentation requirements.

Non-compliance with the GDPR can result in severe penalties, including fines of up to € 20 million or 4 pct. of the company’s global annual revenue, whichever is higher. Additionally, businesses may suffer reputational damage, loss of customer trust, and legal action from data subjects.

Compliance with the GDPR is a shared responsibility within an organization, with accountability resting primarily on senior management and the Data Protection Officer (DPO), if appointed. However, all employees who handle personal data must be aware of their obligations and contribute to compliance efforts.

The GDPR distinguishes between the data controller and the data processor when legal persons (e.g., public authorities, businesses, or organizations) or individuals process personal data on behalf of other legal persons or individuals. The data controller is responsible for compliance with the GDPR and for ensuring that a data processing agreement (‘DPA’) is in place.

Whistleblowing FAQ

The European Union (EU) has adopted the Whistleblower Directive, which sets out the minimum requirements for the protection of whistleblowers and the creation of reporting channels. The Whistleblower Directive must be implemented in the law of the Member States. Therefore, after the 17th of December 2021, every Member State was required to have a national law on the protection of whistleblowers, although not all Member States have implemented it yet.

The rules on the protection of whistleblowers provide that, after the 17th of December 2023, companies with 50 or more employees must establish an internal reporting channel where employees can report information on breaches of law acquired in a work-related context.

Through the internal reporting channel, whistleblowers can submit reports on breaches of the law regarding certain EU regulations (e.g., financial services, transport safety, consumer protection). The Member States can also extend the scope of application, as seen in, e.g., Denmark, where the scope of application is extended to, e.g., severe harassment and sexual harassment, fraud, theft, and blackmail.

After a report has been submitted, the persons in our Screening Team who are authorized to receive reports will screen the report and provide feedback to the whistleblower with discretion. If the report falls under the scope of the relevant whistleblower rules, we might decide to move forward with the case and file a report to the management of the business or include the relevant public authorities.

Whistleblowers who have reported a breach of the law through the internal reporting channel are protected against retaliation, e.g., against dismissal and a negative performance assessment. Information from which the identity of the whistleblower may be directly or indirectly deduced is treated as confidential information and is subject to a special duty of confidentiality.

Yes. A company must provide information on the procedures for making the report in a visible place, accessible to the persons covered by the company’s internal reporting channel. Depending on circumstances, a visible place could, e.g., be the company’s website. To the extent that the reporting channel is made available only to employees of the company, the intranet may also be an appropriate place.

A company must keep written records of the establishment and procedures of an internal reporting channel if it is required to have one. Among other things, this means that a company must be able to demonstrate that a whistleblowing unit has been appointed, that a reporting channel has been established to which reports can be made, and that the reporting channel has been designed following the requirements in the national law that implements the Whistleblower Directive.

The Whistleblower System can be up and running in two weeks from the signing of the agreement. During this time, you will be provided with technical onboarding and have an online onboarding meeting with our Customer Success Team in your local language.

Do you still have a question? Feel free to contact us or book a demo of our solutions.

We are here to help! Whether you need clarification on our products, assistance with navigating our services, or simply want to learn more, do not hesitate to reach out.
Additionally, if you are interested in seeing our solutions in action, we would be happy to schedule a personalized demo tailored to your needs.
