Zalaris Nordic GDPR Seminar – April 04

Zalaris is processing personal data on your behalf as a data processor while you as the owner of the personal data is the data controller. This means that GDPR imposes direct compliance obligations on both our organizations. We take this shared responsibility seriously and hope that we can work together in the journey toward GDPR compliance.

On April 4th 2017, Zalaris invited our customers to our Nordic Seminar, where we teamed up with EY to put the spotlight on GDPR and its implications for you and our relation as controller and processor of personal data.

What is GDPR?

The General Data Protection Regulation (“GDPR”) is a comprehensive reform on data protection rules in the EU. This Regulation governs the protection of natural persons with regard to the processing of all types of personal data and rules relating to the free movement of personal data.

The GDPR will enter into force 25th of May 2018. One of the most significant changes in GDPR is the increased fines for non-compliance, which from 2018 can be up to 4% of annual worldwide turnover or €20,000,000. There is an increased focus on the accountability of organizations, and they will have to be able to prove by documentation, processes and operations that necessary frameworks are in place to safeguard personal data.

Further changes in the new GDPR include strengthened individual rights, mandatory breach notifications and the requirement to ensure “privacy by design”.

Why does it concern you?

The entry of GDPR entails that privacy must be an integral part of any HR and payroll process. As employers you are the controller of personal data on your employees, and as your HR- and BPO outsourcing partner, Zalaris is the processor of that employee data. GDPR applies to both data controllers and processors in the EU and organizations that target EU citizens, including transfers of such data to third countries and international organizations. This means that we must work together to ensure appropriate safeguards are in place.

What will be covered during this seminar?

As a trusted data processor and partner for our customers, Zalaris is turning up the speed in preparations for the increased demands that this role requires. Our seminar is specifically tailored to the controller-processor relation, with the aim of building a common foundation on which to work together.


  • General understanding of GDPR through specific examples and realistic situations.
    Presentation by EY
  • Difference between the current personal data act and the GDPR, and consequence for your organization.
    Presentation by EY
  • Clarification of your role as a controller and Zalaris’ role as a processor.
    Presentation by EY
  • The journey of personal data from your organization to Zalaris and the challenges along the way.
    Presentation by Zalaris
  • What Zalaris is doing to prepare ourselves as a processor
    Presentation by Zalaris and EY
  • GDPR and the Data Protection Authority perspective.
    Presentation by EY