In connection with the Agency’s planned supervision for the rest of the year, focus will be on the below four areas:
- Daily monitoring
- Data protection in connection with employment relationships
- Automatic decisions and profiling.
The Agency has chosen to focus on processors based on the GDPR’s new requirements for processors. The Agency will especially focus on the processor’s processing security and the use of subprocessors.
Suppliers to both the public and the private sector will be subject to supervision.
The Agency will take a closer look at the control at the workplace and observance of the duty of notification, registration of the customers’ purchase and travel history and automatic licence plate recognition at malls.
In addition to the latter, the Agency does not state which companies will be subject to supervision.
DATA PROTECTION IN CONNECTION WITH EMPLOYMENT RELATIONSHIPS
The Agency will have special focus on deletion of data collected in connection with recruitment and control measures in relation to employees and observance of the duty of notification.
A number of municipalities, the state, the private sector and charitable organisations will be subject to supervision.
AUTOMATIC DECISIONS AND PROFILING
The Agency will focus on compliance with the rules on use of individual, automatic decisions and profiling aimed, to begin with, at an insurance company and a bank.