14 February 2018

100 days until the data protection regulation comes into force – are you ready? 

The data protection regulation (regulation 2016/679/EC of 27 April 2016 of the European Parliament and the European Council) will come into force in Denmark in 100 days from now. Below, we will sum up what you need to have in place before 25 May 2018.

The data protection regulation introduces a number of new challenges to which companies and public authorities must relate. And the new rules should be given high priority as failure to comply with the rules may have serious financial - and in some situations criminal - consequences.

YOU NEED TO HAVE THIS IN PLACE BEFORE 25 MAY 2018

If you do not have the below in place before 25 May 2018, you may risk violating the regulation. A number of the provisos of the regulation already exist in a similar form in the Personal Data Act; for instance provisions on the basis of processing, consent and the duty to inform. But these rules are strengthened in the regulation which also stipulates stricter requirements for public authorities and companies processing personal data.

The general questions listed below are among the most important to decide on for companies and public authorities before 25 May 2018 in order to comply with the regulation:

  • Do you have an overview of the personal data processed?
  • Who is the data controller and who is the data processor?
  • Is there a basis for your processing of personal data?
  • Do any consent forms fulfil all the requirements of the data protection regulation?
  • Do you observe the duty of information in relation to all data subjects, and are you ready to meet the data subjects’ other rights, including the right of access?
  • Do you know the rules on deletion of personal data?
  • Are you required to appoint a data protection officer?
  • Can you document that you comply with the data protection regulation? Do you fulfil the regulation’s requirements for registration of processing activities?
  • Have you concluded the required data processor agreements?
  • Do you know where the personal data, that you process, are physically located, including whether personal data are being transferred to third countries (countries outside the EU/EEA)?
  • Have you made a risk analysis, and is your processing security in place?
  • Do you have a procedure concerning security breach?
  • Are you ready to fulfil the new requirements for impact assessments, privacy by design and privacy by default?

If you do not have the above matters in place, we recommend that you take care of it before 25 May 2018 in order to comply with the regulation.

We would be pleased to assist you with specific advice.

NATIONAL GUIDELINES

Since October 2017, the Ministry of Justice and the Data Protection Agency have published a number of guidelines contributing to the understanding of the data protection regulation. These guidelines cover a number of core areas in the regulation.

General information concerning the data protection regulation

In October 2017, guidelines were published concerning the new rules on protection of personal data. The guidelines describe personal data, when to process personal data and the data subjects’ rights.

Consent

In November 2017, guidelines were introduced concerning consent. The guidelines give a brief introduction concerning the rules on consent as a basis of processing under the regulation, including a number of examples of the application of consent.

Data controllers and data processors

In November 2017, guidelines were also published concerning data controllers and data processors. It is important to know the difference between a data controller and a data processor as the requirements are different. The guidelines help clarifying whether you act as data controller or data processor. However, there is no key answers, but the guidelines present some general principles.

Transfer to third countries and international organisations

In November 2017, guidelines were also published concerning transfer of personal data to third countries. The guidelines give a brief introduction to the rules in Part V of the regulation concerning transfer of personal data to third countries or international organisations. The guidelines include a user-friendly quick guide concerning transfer to third countries.

Data protection officers

In December 2017, guidelines were published concerning data protection officers. The purpose of these guidelines was to give an account of the regulation's requirements for appointment of data protection officers, their assignments, qualifications, positions and involvement. As opposed to public authorities, private businesses are only obligated to appoint data protection officers in rare situations.

Code of conduct and certification

In January 2018, the Data Protection Agency and the Ministry of Justice published guidelines concerning code of conduct and certification. Code of conduct means a set of rules that are to ensure that companies comply with the regulation.

Register

In February 2018, the Data Protection Agency and the Ministry of Justice published guidelines concerning registers, including an example of a register.

Future guidelines

According to the Data Protection Agency, six additional guidelines are planned in February 2018. The subjects of these are:

  • Security of processing
  • Data protection by way of design and default settings
  • Impact assessments
  • Handling of breach of personal data security
  • The data subject’s rights
  • Data protection within labour and employment law

related news

Government proposal: Energy must be more green and cheaper

1 May 2018

Recently, the government made a new energy proposal aiming at minimum 50 % renewable energy in 2030 and cheaper energy to the citizens and the community.

Horten recognised as leading law firm by Legal 500

13 April 2018

Horten is recognised as leading law firm within a wide range of legal disciplines. At the same time, 26 partners are nominated as being among the best legal advisers in Denmark.

Pregnant woman did not have a preferential right or a claim for relocation

28 March 2018

The European Court of Justice (the ECJ) has ruled that a pregnant woman who was dismissed in connection with mass redundancies did not have a preferential right to stay employed with the company or to be relocated under EU law.

Fines to cartels within the car industry turn focus on applications for relief of fines

16 March 2018

In three separate decisions, The European Commission has imposed fines of more than EUR 540 million on a number of players within the car industry. At the same time, three cartel members obtained relief of fines due to their roles in relation to exposing the cartels.

Nature Energy’s gas network sold to Energinet

15 March 2018

NGF Nature Energy Holding A/S and Energinet have concluded an agreement concerning sale of NGF Nature Energy Distribution A/S to Energinet .

Funen municipalities sell Nature Energy

15 March 2018

Eight municipalities in Funen have sold the commercial activities of the Nature Energy after 40 years of municipal ownership.

New rankings from Chambers

13 March 2018

Chambers, the leading international guide to the best law firms, ranks Horten as one of the best in the country yet again.

On-call duty at home may be working time

26 February 2018

New ECJ verdict: Time where the employee must be available to the employer without being physically present at the work place can be considered working time.

The Data Protection Agency publishes template data processor agreement

19 February 2018

An important element of complying with the provisions of the data protection regulation is to ensure that the required data processor agreements have been concluded. The Data Protection Agency has prepared a template data processor agreement and an accompanying text explaining how to use the template.

Merger control: When to notify mergers and acquisition to national competition authorities

15 February 2018

In mergers and acquisitions, it is always relevant to consider, if the transaction is subject to merger control – on either a national or an EU level. Horten's Merger Control Poster gives an overview of the turnover thresholds for merger control in Europe.

Price increases in the pharma sector may be considered abuse of a dominant position

13 February 2018

The Danish Competition Council ruled that CD Pharma had abused its dominant position by increasing the price on the medicinal product Syntocinon by 2,000 % in 2014.

Danish defence news: Offset collision and budget expansion ahead

5 February 2018

On 25 January 2018, the EU Commission opened infringement procedures against five member states including Denmark for not complying with the public procurement rules.

Unique cooperation between Horten and Symbion

5 February 2018

Horten has entered into unique cooperation with Symbion and Accelerace where we will make a team of lawyers available for start-up businesses at the shared office facilities Horten CoLab.

Two new specialised attorneys at Horten

31 January 2018

Horten has appointed two new specialised attorneys with strong business insight within municipal and administrative law and insolvency and bankruptcy law.

Cartel fine for collusion in connection with tender to waste water company

17 January 2018

The Danish Competition and Consumer Authority has published that, on 12 January 2018, the contracting business Troels Jørgensen A/S was ordered to pay a fine of DKK 3.2 million for violation of the prohibition against anti-competitive agreements under the Competition Act.

New Managing Partner at Horten

2 January 2018

Finn Schwarz, Attorney and Partner, has been appointed Managing Partner of Horten Law Firm as of 1 January 2018.

A binding commitment from the European Commission will not prevent decisions from national courts

19 December 2017

The European Court of Justice ruled that the European Commission’s decisions on binding commitments does not prevent opposing decisions from national courts.

Judgment in the Coty case: Prohibition against use of third party's online platform was not unlawful

12 December 2017

On 6 December 2017, the European Court of Justice ruled that cosmetics manufacturer Coty's prohibition against internet sale via third parties was not unlawful.

Eastern High Court upholds the Metro judgment for violation of the Competition Act

23 November 2017

Metro is sentenced to pay a fine of DKK 50,000 for violation of the Competition Act by withholding information in a merger. Eastern High Court upheld the district court's ruling.

The European Court of Justice: TV2 has received illegal state aid

14 November 2017

The ECJ has ruled that the advertising revenue that TV2 received from 1995-1996 from the TV2 Foundation was illegal state aid.

The European Court of Justice: Redundancies - when?

9 October 2017

In two recent cases, the European Court of Justice (ECJ) ruled that an employer should have consulted the employees’ organisations before giving notice of changes that resulted in collective redundancies.

The European Court of Justice: Public servant was entitled to be reinstated in trial position

9 October 2017

The European Court of Justice (ECJ) has assessed that a public servant employed in a trial position as head of department should have been offered the same or a similar position when returning from parental leave, even though the probationary period had expired.

Compliance: E-leaning in competition law

20 September 2017

Horten now offers e-learning in competition law tailored to each company.

Exclusivity discounts: the Intel case, including record-high fine is remitted

20 September 2017

The European Court of Justice ruled that a dominant company's use of excklusivity discounts does not always constitue abuse of the company's dominant position.

New judgment from the European Court of Human Rights concerning companies’ monitoring of private communication

19 September 2017

The European Court of Human Rights recently ruled that employers must inform employees of the possibility of monitoring and to which extent.

European ip rights in Great Britain after Brexit

19 September 2017

Great Britain's exit from the EU will create uncertainty for both British and EU27 companies in relation to the extent and protection of intellectual property rights in Great Britain. It is therefore of great interest and importance to clarify the consequences of Great Britain’s exit and how to handle them.

The world’s largest e-sports tournament is coming to Denmark

14 August 2017

In December 2017 and for the next two years, Arena Fyn in Odense will host the finals of the world’s largest e-sports tournament - ESL Pro League - in the computer game Counter Strike. Horten has assisted Odense municipality in connection with the legal framework of the tournament.

Google - an overview of the summer’s EU case against the internet giant

27 July 2017

In June 2017, the European Commission ruled in the first of three pending cases against Google and ordered Google to pay a record-high fine of EUR 2.42 billion for abuse of its dominant position. According to the European Commission, Google favoured Google Shopping in its search engine.

New oil and gas strategy for the North Sea

4 July 2017

A new oil and gas strategy has been set out for the Danish part of the North Sea. The strategy was prepared in cooperation between the industry, the DEA and GEUS to ensure optimal exploitation of the Danish resources.

Denmark ready for Tour de France

30 June 2017

The state and five cities - Copenhagen, Roskilde, Odense, Vejle and Sønderborg - are ready for the Tour de France Grand Départ. If Denmark is chosen as the venue, it will be the greatest sports event ever in Denmark.

Still waiting for a European Patent Court

20 June 2017

The agreement concerning the European Patent Court is once again delayed. The agreement concerning the establishment of a so-called unitary patent and a joint patent court was planned to come into force in December 2017, but this will presumably not be the case.

White Paper concerning the data protection regulation has arrived

29 May 2017

The Ministry of Justice has now published the long awaited White Paper concerning the data protection regulation and the legal framework for Danish legislation in this respect.

Merger control: When to notify mergers and acquisition to national competition authorities

10 May 2017

In mergers and acquisitions, it is always relevant to consider, if the transaction is subject to merger control – on either a national or an EU level. Transactions that are subject to merger control must be notified and approved, before they are implemented.

Horten advances in new Chambers and Legal 500 rankings

19 April 2017

In 2017, the leading international ranking agencies, Legal 500 and Chambers, are once again ranking Horten among the best law firms in Denmark.

Conditional approval of Maersk Line's purchase of German container shipping company

12 April 2017

The European Commission has approved Maersk Line's takeover of the German container shipping company Hamburg Südamerikanische Dampfschifffahrts-Gesellschaft KG (HSDG).

The European Commission: Aid to construction of Kriegers Flak is legal

30 March 2017

The Commission has approved the Danish state aid to the offshore wind turbine project Kriegers Flak as the project will contribute to an increased use of renewable energy in Denmark.

Extensive commitment protects innovation in connection with approved DOW/DUPONT merger

30 March 2017

The European Commission has approved the merger between DOW and DuPont after long-term commitment negotiations. The approval is conditional on DuPont selling many of its pesticide companies and its global R&D.

Conviction in bribery actions against Atea

24 March 2017

The Eastern High Court has delivered convictions in two bribery actions where Atea gave away iPhones, iPads and other IT equipment to two senior employees at the City of Copenhagen and DSB.

SAS is once again to pay major fine for participating in the Air Cargo cartel

20 March 2017

SAS and a number of other airlines have once again been fined by the European Commission for their participation in the Air Cargo cartel. In 2015, the European General Court annulled the Commission's decision due to a procedural error. The Commission has now remedied the error and changed its decision.

Four new specialised attorneys at Horten

7 March 2017

Horten has appointed four new specialised attorneys having in-depth professional and commercial expertise within personal data law, environmental and planning law, energy and supply law and tax law.

The Energy Regulatory Authority: New criteria for estimation of reasonable return on invested capital

17 February 2017

Recently, the Energy Regulatory Authority listed the circumstances that may and must be included when estimating a reasonable return on capital invested in a heating company in connection with the Authority's approval of return on invested capital.

The State Administration: Reconsideration of decision on access to inter-municipal enterprise's business information relevant for a tender procedure

16 February 2017

After having established that a decision was incorrect on several issues, the State Administration requested an emergency service organised as an inter-municipal enterprise to resume the matter and make a new decision. The inter-municipal enterprise had referred to section 30, no. 2 of the Act on public access to documents in public files (the "Act") as the basis of exempting information in consideration of the inter-municipal enterprise's future possibilities of putting out operational assignments to tender.

The EUDP - new round of applications for grants to energy projects in 2017

1 February 2017

The Energy Technology Development and Demonstration Program (EUDP) has published a new strategy for 2017-2019, which forms the basis of new projects worthy of support. The EUDP is a public scheme supporting new energy technology, which must contribute to achieving the target set in relation to energy and climate. Compared to previous strategies, the new strategy focuses on key areas in a more global perspective.

Does waste incineration play a role in a circular economy?

31 January 2017

The European Commission has published a new communication on the role of waste incineration in a circular economy. The purpose of the communication is to ensure an optimal energy exploitation of non-recoverable waste.

Are you allowed as a governm¬ent official to say that the municipal chief executive's "core competence may not be the truth"?

30 January 2017

According to the Ombudsman, it was in accordance with the rules of government employees' freedom of speech when a municipal employee was given a warning for writing on his Facebook profile that the municipal chief executive was "a person whose core competence may not be the truth".

New action plan for the implementation of the regulation on data protection

30 January 2017

The Article 29 group has adopted a new action plan listing which subjects the group will prioritise in 2017 to ensure an effective implementation of the regulation on data protection.

The Danish state is liable in damages for lack of replacement holiday

23 January 2017

The Supreme Court has ruled that the Danish state is liable in damages for not having made the Holiday Act consistent with the Working Time Directive fast enough in relation to sickness during holiday. However, the Supreme Court ruled in favour of the Danish state as the Supreme Court found that the state was not liable in damages at the time of the employee's sickness during the summer holiday 2010.

Recent case law concerning access to documents - January 2017

19 January 2017

The limits as to when access to documents should be granted are clarified on a current basis. We have reviewed recent case law concerning access to documents and have summarised all relevant statements within the municipal areas below, including business information, identification requirement and data extraction.

Data protection officer – who, when, what?

12 January 2017

The so-called Article 29 group has adopted a set of guidelines covering data protection officers, which will provide more clarity with regard to the data protection officer's assignments, position and liability.

Global Leaders in Law appoints Horten as exclusive partner for Denmark

10 January 2017

Global Leaders in Law, the leading global general counsel forum based in London, and Horten has announced partnership. Appointed as a global bronze partner, Horten will sponsor the activities of Global Leaders in Law in 2017.

Competition law - Adoption of new rules on claims for damages

1 December 2016

The directive concerning damages to customers (and others) suffering a loss due to violation of the competition rules came into force in December 2014 (Directive 2014/104/EU). The directive is now being implemented into Danish law.

Greenland adopts personal data act

22 November 2016

From 1 December 2016, the Personal Data Act became effective in Greenland at the request of the Greenland Home Rule. The Act replaces the data protection legislation from 1978, which has applied in Greenland until now.

New Advisory Board is to advise the government on a circular economy

2 November 2016

The government has set up an Advisory Board consisting of Danish business executives, who are going to advise the government on a circular economy thereby increasing enterprises' earning opportunities, promoting a more efficient utilisation of resources and minimising the environmental impact. The new measure was presented by the Minister of the Environment and Food, Esben Lunde Larsen, and the Minister of Business and Growth, Troels Lund Poulsen.

Dynamic IP addresses may constitute personal data

19 October 2016

The European Court of Justice recently ruled in C-582/14 that a dynamic IP address may constitute personal data.

Aid to the Eurovision Song Contest was not illegal under municipal and state aid law

14 October 2016

On 12 October 2016, the Ministry of Social Affairs and the Interior concluded in a statement that the aid provided through Projektselskabet by the City of Copenhagen and the Capital Region of Denmark to the Eurovision Song Contest in 2014 was legal.

The Data Protection Agency: Understand the requirements for employees' processing of personal data

7 October 2016

In a recent decision, the Data Protection Agency criticised a municipality's control of the data security based on unauthorised persons' access to sensitive personal data stored on an employee's private IT equipment.

The ombudsman: Dismissal of upper secondary school teacher was contrary to government employees' freedom of speech

5 September 2016

The ombudsman found that it was "strongly criticisable" that Campus Bornholm had dismissed a teacher for having criticised the employer.

Compensation for violation of the principle of equal treatment of the Temp Act

5 September 2016

For the first time, the Supreme Court has ruled on a violation of the principle of equality of the Temp Act.

New partner

15 August 2016

Horten strengthens the partner group and the expertise within environmental and public law with the admission of partner Anne Sophie K. Vilsbøll.

Compensation for wrongful publication of conviction

5 July 2016

Recently, the Eastern High Court ruled in a case where the housing association AAB had published information on a former voluntary cashier's criminal offenceson the Internet contrary to the Personal Data Act.

New state aid register will come into force on 1 July 2016

30 June 2016

As part of the European Commission's reform of the European state aid rules initiated in 2012, the member states must register any state aid to companies exceeding € 500,000 in a public web-based register. The rule comes into force on 1 July 2016, when the new register will be available.

New rankings from IFLR1000: Horten is still the leading law firm within energy and infrastructure

22 June 2016

Every year, the international directory IFLR1000 publishes a guide of the world's best law firms within energy and infrastructure. In the recently published guide, Horten is, like last year, rated as one of the country's best advisers within this area.

New agreement on municipalities' economy in 2017

13 June 2016

The day after the Government and the Danish Regions presented an agreement on the regions' economy in 2017, it was published that the Government had also concluded an agreement with KL on the municipalities' economy in 2017.

Amendments to the Planning Act - conclusion of political agreement

10 June 2016

On 9 June 2016, a political agreement was concluded between the Government, the People's Party, the Conservative Party and the Social Democrats concerning an amendment of the Planning Act.

Waste suited for incineration is perhaps to be opened to competition

17 May 2016

On 13 May 2015, the Government published a proposal for alternative financing of the so-called PSO tax. The financing is to take place under the Budget instead of via the PSO tax. One of the initiatives is to open the waste energy production sector to competition

New ratings from the international reference book Legal 500

4 May 2016

There are several good news for Horten in the new rankings, among these to new Tier 1-ratings in Media & entertainment and Telecoms.

Gift policy

3 May 2016

With a conviction of bribery, your company risks having to wave goodbye to public orders due to the rules of the Procurement Act.

Municipalities cannot take out insurance covering volunteers - yet

2 May 2016

The Ministry of Social Affairs and the Interior has put a - temporary - stop to the question whether municipalities can take out collective accident and liability insurance covering volunteers.

Practical advice concerning the European Single Procurement Document (ESPD)

28 April 2016

After the coming into force of the Procurement Act, the ESPD has given rise to special challenges both for the applicants/tenderers and the contracting entities.

Final adoption of the new personal data regulation

14 April 2016

The European Parliament has adopted the new personal data regulation together with the rest of the data protection reform.

How to prepare and conduct a general meeting

11 April 2016

This article will answer the questions often asked when preparing a general meeting, which most municipal companies are required to hold annually.

Public-private investments in Greenland

9 March 2016

On 26 February 2016, Horten and Nuna Law Firm hosted a conference with focus on public-private investments in Greenland.

Publication of draft Privacy Shield between the EU and the USA

8 March 2016

At the beginning of February 2016, it was reported that the European Commission and the USA had politically agreed on a new scheme replacing the Safe Harbour scheme concerning transfer of personal data from the EU to the USA.

Are you ready for the new personal data protection regulation?

24 February 2016

Does your company - private or public - meet the requirements of the applicable personal data act, and are you ready for the new amendments?

Dispute concerning cost-free loan guarantees to two district heating companies may be brought before the Supreme Court

23 February 2016

State subsidies: A dispute concerning cost-free loan guarantees to two district heating companies may be brought before the Supreme Court, but the municipal initiatives should continue.

Ten things to know about the new water sector act

18 February 2016

The new Water Sector Act will come into force on 1 March 2016. What does the new Act imply? There are many major and minor amendments and, below, we will introduce you to ten of them.

After the legal action concerning road charges

12 February 2016

Road charges after the Supreme Court ruling - What should municipalities and supply companies be aware of?

Tax and state aid: where are we going?

10 February 2016

Since 2013, the Commission has investigated the member states' tax rulings to establish whether the state aid rules are violated through selective tax advantages.

The Supreme Court did not set aside an arbitration award

10 February 2016

A new Supreme Court ruling concerning compensation for breach of a distributor agreement emphasises the binding character of awards.

Subsidies to agricultural activities covered by the local government mandate

9 February 2016

The State Administration: An association's sub-lease of land owned by the municipality was not considered an indirect municipal subsidy.

New nursing home in Hornbæk to be built and run by the OK Foundation

9 February 2016

In February, the Municipality of Helsingør selected the OK Foundation as cooperation partner in connection with the building of a new nursing home in Hornbæk.

Supreme Court: Decisions concerning road charges were invalid

5 February 2016

The Supreme Court has ruled in favour of the Municipality of Slagelse that Forsyningssekretariatet's decisions concerning road charges were invalid.

Political agreement on new EU-US privacy shield agreement

4 February 2016

A new political agreement between the European Court of Justice and the US is finalized, after the European Court of Justice set aside the the Safe Harbor scheme last year.

Loan guarantees to two district heating companies were illegal and thereby invalid

26 January 2016

This was established on 25 January 2016 when the Western High Court ruled on a dispute between the Municipality of Sønderborg and two local district heating companies. The ruling means that the municipality is obligated to charge a guarantee commission which constitutes more than DKK 70 million in the guarantee period.

EU action plan sets targets for future waste disposal

26 January 2016

"Closing the loop – an Action Plan for a Circular Economy" aims to reduce EU waste volumes. In Denmark, waste incineration is an important energy source, and the plan may therefore challenge the supply sector, says Sinne Conan, CEO of Konsentio, a public affairs bureau in Brussels.

Major savings for the municipality of Brøndby by repurchasing and inviting tenders for street lighting contract

25 January 2016

Horten has assisted the municipality of Brøndby through a lenghty process of negotiations in connection with a repurchase and call for tenders for operation as well as maintenance and renovation of the municipality's street lighting installations.

The waste sector's role in a circular economy

21 January 2016

The development towards a circular economy requires major changes within the waste sector with focus on direct recycling, reuse and on complete removal of toxic materials. This is the assessment of the managing director of the Danish Waste Association, Jacob Hartvig Simonsen.