All companies are covered by data protection legislation, based on the EU GDPR. This Implementing GDPR replaced the Personal Data Act and associated security executive order on 25 May 2018, and entailed changes such as stricter sanctions, requirements for a Data Protection Officer, the right to be forgotten, and a reporting obligation.
The law applies to any form of handling of information about persons - including employees. The most important forms of processing include: Collection, registration, data classification, storage, use, disclosure, interconnection and deletion. Note that even the storage of personal data counts as data processing of personal data.
The law prescribes when and how personal data can be processed, and thus relates to data protection and correct handling of personal data.
When processing data on employees in connection with payroll and HR, you must therefore always live up to the requirements in the Data Protection Ordinance, and in many cases companies must notify the Danish Data Protection Agency regarding the company's registration and use of data.
Some of the rules of the law also apply to how you may process personal information received from companies, associations and the like. This is particularly relevant in relation to the rules on credit bureaus, healthcare providers, IT hosting companies, staffing companies and others.
Visma Addo complies with all requirements in connection with GDPR and has at the same time had a comprehensive ISAE 3000 report carried out