GDPR Fact Sheet: Show that you comply with data protection regulations and protect yourself with care

On November 4, 2020, Espoo’s Entrepreneurs and YritysEspoo organized a GDPR information gathering, which gathered about a hundred entrepreneurs on the lines to hear expert guidance on the company’s responsibilities and obligations under the Data Protection Regulation and other legislation.

Attorney-at- law Lauri Mäki from AKG Oy emphasized that the company must be able to demonstrate that it has sought to identify data protection risks and take the necessary measures to protect personal data. The company must also take the necessary technical and organizational measures to comply with the law. In practice, this means that companies must:

  • take into account data protection principles in their own activities, with particular emphasis on end-use
  • plan and document both its own processing activities and the process in the event of a potential security breach; and
  • familiarize staff with how to act exactly as planned.

The former type of registry-specific privacy policy is not the law no longer requires, on the other hand companies should prepare leaflet processing operations on their own, internal use and, secondly, to inform the processing of personal data in an intelligible form.

Information management and technology architect Juha Sallinen from GDPR Tech Oy also reminded of the physical and electronic security that is needed, for example, in the event of a hacking or loss of a computer or a computer virus. Risks must therefore be identified and mitigated through practical action. Such practical steps include:

  • room and computer locks and alarm systems
  • computer encryption and up – to – date updates, including security protection; and
  • tested backup and use of secure passwords
  • note that the GDPR also applies to paper documents and video
  • understand that requests for information must be adequately prepared

When an entrepreneur handles these obligations conscientiously, there is no need to lose his or her night’s sleep due to security threats, said Lauri Mäki. And Juha Sallinen summed up his presentation aptly: “Normal business is allowed, as is the use of common sense”.

More information, for example:



Our Services

For starting companies

How can a business idea be transformed into a business plan? How is the company’s financing organized? Who helps with accounting, legal affairs or marketing?

For entrepreneurs

Support for growth, development and crisis management. Company Espoo serves not only those who are planning to start a company, but also everyone who is already operating as an entrepreneur or light entrepreneur.