We all have sensitive information about ourselves that we don’t want to go astray. For exactly five years, we have therefore had the Personal Data Act or GDPR. It is about the information we provide to companies and governing authorities, they must be careful. But it is a complicated set of regulations that takes time and costs money to put in place. This means that many small and medium-sized businesses break the law every day because they cannot afford to follow up on the regulations. – We are a small AS and do not have the resources or capacity to have a service person who can sit and answer the phones with us, says a manager in a small business in Bodø. Therefore, they have contact with their customers via e-mail. It is not an approved messaging service when it comes to the exchange of sensitive information. The manager wants to remain anonymous because she knows that they are constantly breaking the Personal Data Act. news knows her identity. – I feel we are in a limbo between breaking the law and being able to provide service and be available. It is unpleasant to know that we are breaking the law, says the leader. The Norwegian Data Protection Authority has fined 72 small and medium-sized companies since the GDPR came into effect. There is a good chance that there may be many more – Many do not have this in order – Most small and medium-sized companies find this a challenging major task. Most people look down a bit when that topic comes up, says Pål Reinert Bredvei. He is the boss of Adminkit, which is a company that helps small and medium-sized companies with personnel and administration. Pål Reinert Bredvei, head of Adminkit, believes that most small and medium-sized companies find it a challenging undertaking. Photo: Heidi Marie Gøperød – I know that many people do not have this in order. It is because this is complicated, especially for small and medium-sized companies that have little or no expertise in it, says Bredvei and adds: – But there is no escaping it. This is something that must be in order. Here are the biggest fines the Norwegian Data Protection Authority has issued for breaches of the GDPR: It has been five years since the GDPR was introduced. Here are some of the biggest fines the Norwegian Data Protection Authority has given for breaches of the Personal Data Act in recent years: Bredvei says personal data can be very different. This may, for example, be information about religion, medical background, medicine and ethnicity. – And personal data is not only about the customers’ data, but it is probably just as much about information that companies store about their employees. Large dark figures This problem has a large scope, says Director of the Norwegian Data Protection Authority Line Coll. – These are big dark figures, most likely, says Coll. Because it is a complicated set of regulations and it takes time and costs money to comply. Until now, not many small businesses have been fined for breaking the law. That is going to change. – Small and medium-sized businesses must comply with the regulations, we are very clear about that. So if something happens in such a company, it is not inconceivable that we come to inspect and take action about it. Director of the Norwegian Data Protection Authority, Line Coll, says there are big dark figures. Photo: MARTIN GUNDERSEN / news Coll understands that following the GDPR regulations to the letter is difficult, but she is clear that companies must do something. It’s better than nothing. – We expect all businesses in Norway today that process personal data to do something. Are you prepared for an inspection? The manager in Bodø fears that the Norwegian Data Protection Authority will show up for an inspection. – But we are prepared for that to happen. The manager in Bodø says it would be unpleasant if the Norwegian Data Protection Authority came to check. Photo: Ola Helness / news In the future, she hopes that the company can join forces with other small businesses and find a better solution to communication. – That would have been the very best.
ttn-69
72 companies broke the Personal Data Act in five years – news Nordland
