As quality manager in the fertility industry (European Sperm Bank), it seemed natural – back in 2017, to also take on the responsibility to implement the General Data Protection Regulation (GDPR) across the organization (incl. the UK and Germany). This included the preparation of all documentation (e.g. records of processing activities, policies, contracts and consent forms), training of employees, auditing of depts. – as well as the handling of data subject requests, personal data breaches, third country transfers, data processors etc.
As a result of managing many types of data subjects and processing of large amounts of special categories of personal data (especially health and genetic information), I have also had to prepare risk assessments of core activities and based on this – helped to introduce appropriate technical and organizational measures to reduce identified risks.
I hold a certificate in data protection law (incl. GDPR Master Class) and have worked closely with personal data specialists in law firms such as Bech-Bruun, Accura and Plesner – in relation to managing the position as Data Protection Officer/DPO (Chapter 7 of the Danish Data Protection Act/GDPR, Section 4). In addition, I am a member of the Danish DPO Society and continuously take part in various network meetings and other activities.
With reference to the data protection legislation, LHR Consult offers the following services:
- Providing advice and consultation on the GDPR, national Data Protection Acts and special law (e.g. related to tissues/cells, marketing and cookies).
- Acting as Data Protection Officer (DPO).
- Preparation and continuous improvement of GDPR-processes/-documentation.
- Evaluation and optimazation of existing GDPR-processes/-documentation.
- Preparation of Record of Processing Activities.
- Preparation of Data Protection Impact Assessment (DPIA) and other risk assessments.
- Assessment of third country transfers/preparation of Standard Contractual Clauses.
- Assessment/audit of data processors and preparation of Data Processing Agreements.
- Management of data subject requests, personal data breaches etc.
- Training of employees (IT security/management of personal data).
- Preparation, hosting of- and follow up on internal/external audits (e.g. data processors) and government inspections.
- Monitoring of legal requirements, guidelines etc. (e.g. Data Protection Agencies, Danish Business Authority, Plesner Insights/Legal Hub, EDPB, sikkerdigital.dk).
- Liaising with regulatory authorities (e.g. related to registrations and reporting).