Your obligations will partly depend on whether you are a controller or processor, which you can read more about under the heading "Data controller and processor".
As a rule, it is you as a data controller who is responsible for ensuring that the processing of personal data complies with the rules of the GDPR.
As data controller, you must, in cooperation with your possible data processors, ensure that you:
- Are allowed to process the data that you and your data processors hold.
- Keep a record of your processing activities (also applicable to the data processor).
- Is able to comply with the rules on data subjects’ rights, such as the obligation to provide information or the right of access.
- Get any breaches reported to the Danish Data Protection Agency within 72 hours.
- Have a data processor agreement with the data processors who process personal data on your behalf.
- Can demonstrate to the Danish Data Protection Agency that you have ensured data protection by appropriate technical and organizational measures, so that there are no unintended, unreasonable or unlawful processing operations.