DPA Service updates regarding new data supervision guidance

This is your November product update on the .legal DPA Service. The purpose is to give you a firsthand view of our latest updates.

On the 29^th of October, the Danish Data Protection Authority published new guidance on how you can supervise your data processors.

Based on the guidance, we are now updating DPA Service so that we can meet the new measures. Over the next few weeks, we will be rolling out the changes below.

• The guidance focuses on a risk-based approach to the type of supervision that must be carried out with different data processors. The Norwegian Data Protection Authority also provides a proposal on how you can qualify your data processors' risk level. Based on the Danish Data Protection Authority's model, we add a qualification module to DPA Service, which you can use to calculate a risk score for your data processors.
  
  
• In addition, the guidance suggests a risk-based approach to how often you as a data controller must supervise your data processors. Based on the specified risk score, you will therefore be given the opportunity to register an inspection frequency on your data processors. This frequency can form the basis of the planning of new controls that you prepare in collaboration with .legal.
  
  
• Finally, the guidance has also given rise to preparing a number of updates to the questionnaire, which is sent out to the data processors. The new question framework will have an effect on the checks that are sent in the future.

The measures above are the first changes that we are making on the basis of the new guidance. However, we are already looking at how the guidance can give rise to even more changes.

If you have any further questions about DPA Service, you are, as always, welcome to give us a call or send us an email. You will also receive an information email when the new functions are ready for use.