On November 4, 2020, Espoo’s Entrepreneurs and YritysEspoo organized a GDPR information session, which drew about a hundred entrepreneurs online to hear expert guidance on a company’s responsibilities and obligations under the Data Protection Regulation and other legislation.
Attorney-at-law Lauri Mäki from AKG Oy emphasized that the company must be able to demonstrate that it has sought to identify data protection risks and take the necessary measures to protect personal data. The company must also take the necessary technical and organizational measures to comply with the law. In practice, this means that companies must:
- take into account data protection principles in their own activities, with particular emphasis on end-use
- plan and document both their own processing activities and the process in the event of a potential security breach; and
- familiarize staff with how to act exactly as planned.
Information management and technology architect Juha Sallinen from GDPR Tech Oy also reminded attendees of the physical and electronic security that is needed, for example, in the event of hacking, the loss of a computer, or a computer virus. Risks must therefore be identified and mitigated through practical action. Such practical steps include:
- room and computer locks and alarm systems
- computer encryption and up-to-date updates, including security protection
- tested backups and use of secure passwords
- note that the GDPR also applies to paper documents and video
- understand that requests for information must be adequately prepared
When an entrepreneur handles these obligations conscientiously, there is no need to lose a night’s sleep over security threats, said Lauri Mäki. And Juha Sallinen summed up his presentation aptly: “Normal business is allowed, as is the use of common sense”.
More information, for example: https://tietosuoja.fi/organisaatiot