GDPR (Personal Data Regulation)

The BetterBoard platform can help you meet the requirements of the Personal Data Regulation.

GDPR is the same as the data protection regulation and personal data regulation in Danish. GDPR stands for “General Data Protection Regulation”, and is legislation introduced by the EU. This legislation entered into force on 25 May 2018, and has meant that all companies must decide on how personally identifiable information is distributed, handled and stored.

Implementing the new and comprehensive legal requirements has required a lot of work for many. That is why we at BetterBoard have developed a simple and secure tool for the board, which on the one hand contributes to the digitisation of the board and on the other hand helps with compliance with the requirements of Personal Data Regulation.

Secure login

One of the features available on the BetterBoard portal is an online workspace. In this workspace, data is stored in the cloud, and only people who have been granted access to it will be able to see this data. The platform also uses a 2-factor login, which means that a password alone is not sufficient to logging in. After entering a username and password an SMS code is sent to the user’s mobile phone. The SMS must then be entered on the platform to complete login. The platform also ensures that all the board’s documents are archived in the platform, meaning data will never be distributed via e-mail or other non-secure solutions. The data will also not be archived locally with the individual board member.

Deletion of data

In the Personal Data Regulation, it is an essential requirement that people can have data deleted that they do not want stored. The BetterBoard platform includes an intuitive search feature that makes it easy to find all the documents where specific data appears.

For example, you can search for specific content or a document name. In the event that a demand is made, e.g. from a former board member for the “right to be deleted”, it is a legal requirement in connection with the GDPR that the relevant data can be found in the board’s archive. If all material is sent by e-mail, for example, it will be an almost impossible task for the board to collect that data again – and it is therefore not in accordance with the new stricter legislation.

Classification of documents

The platform also makes it easy to classify the board’s documents in relation to the categories found in the Personal Data Regulation. With the help of a single click, you can classify the document. It is then colour-coded according to category, and “stamped” with whoever has determined/assessed the sensitivity of the document. Every time a document is uploaded on the platform, the system will try to search for personally identifiable information in the form of CPR numbers and e-mail addresses. If such information is found, it can be identified by colour marking, though it is of course still possible to colour mark a document manually.

Sensitive personal information

The Personal Data Regulation uses three different categories to describe the “sensitivity” of personal data, as shown in the illustration below.

The middle level is separately regulated in the Data Protection Act. For example, a personal ID number is not considered sensitive personal data, but rather as confidential information, which must not be published. However, non-sensitive information may in certain situations also be confidential information.

Explore the board portal

Try the portal for free

Book online demo

Get more information