Persondataforordningen og de økonomiske konsekvenser

Rikke Reichhardt & Michelle Jensen

Student thesis: Diploma thesis


On May 25th 2018 the General Data Protection Regulation (then: GDPR) will replace the Danish Personal Data Act1 in Denmark. With GDPR there are a number of new initiatives, as well as some tightening of the current legislation that will help ensure the rights of the data subject. There has never been a greater need to ensure the rights of the data subjects. Society is becoming more and more digitalized and data is being produced and shared like never before. Around the world the social media has experienced great growth over the last 10 years. Facebook started in 2004 and in 2017 there were 2 billion monthly users on the platform. There is always a backside in a positive development. At the same time as society is becoming more digitalalized, criminals become better to hack into the systems. Hacking means that someone trying to get unauthorized access to the systems. Hacking can have the great impact on businesses and their customers. All companies handle to some extent sensitive personal information. Some businesses have it as their primary activity, such as a bank or a doctor where most companies that primarily deals with B2B sales only handles personally sensitive information in terms of their employees. Companies are increasingly using digital solutions, such as cookies and cloud services, to collect and store data about their users, while laptops and mobile phones have become a commonly used tool. It places great demands on corporate data security. GDPR requires companies to increase security through the processing of sensitive information. They must know what data they are processing, how they are stored and who has access to the information. At the same time, the companies must document the process. Furthermore the companies must prepare a guideline for the safety of the imformation including how to report a breach. Many companies do not have the skills or the right trained employees to become compliant with the GDPR requirements. They may only understand their IT system superficially and do not have enough knowledge to compile an overview of their data flow. At the same time, many companies will find it difficult to read and understand the regulation and thus understand which requirements are applicable to them. This report will help give smaller imdependent adviser and companies, and others who it may concern an overview of the GDPR. This report will be based on the regulation as of the 4th of May 2016 and will come across the new initiatives. A compliance framework will be presented, the tool can be a great help to the smaller companies on how to implement the regulation and keeping sure that the companies stay complaint. We will provide examples of flowcharts including how Virksomhed As is handling the sensitive information they are storing, as well as a contingency plan for the company. Finally, we will explain what financial consequences it may have for different types of companies if there is a breach of security. Since the regulation was adopted in 2016, the major audit and advisory houses have been working on tools that will help their customers comply with the regulation. Companies use in most cases, their accountant as an important partner in the process of becoming complaint with the regulation. It is therefore important that the audit and advisory houses are ready to help customers and advise them. In the report we will review some of the tools that Deloitte Statsautoriseret Revisionspartnerselskab in Denmark has developed for their customers.

EducationsGraduate Diploma in Accounting and Financial Management, (Diploma Programme) Final Thesis
Publication date2018
Number of pages80
SupervisorsJeanette Willert