The new General Data Protection Regulation (GDPR) will soon be in effect for the EU and EEA countries, and will ensure an increased focus on the individuals' rights. «It is positive that companies now have to do a general clean up on storing and usage of personal data.»
This is what IT Architect and Business Developer in Omega IT Architects, Thomas S. Økland thinks, and emphasizes that the new data regulation is not meant to be an obstacle for businesses and their business areas, but rather an important part of running the company responsibly:
«Some might say that GDPR will lead to more bureaucracy and overwhelming processes internally for a company, however, personal data is one of the most important information sources companies store, and treating these with care is crucial. There are so many apps, programs and systems nowadays that it is good for users to become more aware of what information is stored about them in the different places. It is a good time for bringing this regulation into effect, even though it requires extra work for companies.»
In Omega an internal group has worked approximately a year with preparing the Omega concern for when the GDPR becomes Norwegian law on July 1, 2018. They have among other tings worked on mapping the storage of personal data and routines for deleting information. They have also looked at Omega's systems and undertaken risk analyses.
«A majority of our systems are built on processing personal data and we have looked at the security and safety aspects of this. We have long operated with role-based access in our systems,» explains Department Manager for Pims Software Solutions, Trygve Haaland, who also has taken on the role as Omega's GDPR Officer.
In addition to Økland and Haaland, HSEQ Manager Karina Hovden Stava, Administrative Coordinator Lene Gregersen, and Judicial Adviser in Omega Subsea, Mette Odden form the internal group.
«Securing personal data is a continual process and with GDPR we get a more focused approach to the processes and routines around treatment of this information,» explains Gregersen.
«We have a lot of personal data stored in our systems and this is something we have legal basis for keeping due to the nature of our business. This has made us aware of security and privacy rights since the beginning,» Stava adds.
Odden emphasizes that Omega and other businesses will get a larger responsibility for ensuring safe storage and treatment of personal data.
«It might take some time before the big companies have everything in place in order to be GDPR-compliant. Those who already have implemented privacy regulations and security measures will with good routines and solid systems discover that becoming compliant will be a little easier.»
«Going forward we need to ensure that we have regulations for privacy integrated in our systems, a so-called integrated privacy setting. Omega is working close with judicial advisers and systems to lay down the foundation for further work,» she sums up.
EU's regulation for data protection, The General Data Protection Regulation (GDPR), will take effect on July 1 and become a part of Norwegian legislation in 2018. This means that in Norway, and other EU and EEA countries, there is a new set of rules giving companies more responsibility and the individual more control over the data stored about them. Read more about the new regulations on the EU Commission's web page: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en.