Zalaris Nordic GDPR Seminar – April 04


Date: April 04

Location: Park Inn by Radisson, Oslo Airport Gardermoen

RSVP before March 20


Zalaris is processing personal data on your behalf as a data processor while you as the owner of the personal data is the data controller. This means that GDPR imposes direct compliance obligations on both our organizations. We take this shared responsibility seriously and hope that we can work together in the journey toward GDPR compliance.

Zalaris is therefore pleased to invite you to our Nordic Seminar, where we team up with EY to put the spotlight on GDPR and its implications for you and our relation as controller and processor of personal data.

What is GDPR?

The General Data Protection Regulation (“GDPR”) is a comprehensive reform on data protection rules in the EU. This Regulation governs the protection of natural persons with regard to the processing of all types of personal data and rules relating to the free movement of personal data.
The GDPR will enter into force 25th of May 2018. One of the most significant changes in GDPR is the increased fines for non-compliance, which from 2018 can be up to 4% of annual worldwide turnover or €20,000,000. There is an increased focus on the accountability of organizations, and they will have to be able to prove by documentation, processes and operations that necessary frameworks are in place to safeguard personal data.

Further changes in the new GDPR include strengthened individual rights, mandatory breach notifications and the requirement to ensure “privacy by design”.

Why does it concern you?

The entry of GDPR entails that privacy must be an integral part of any HR and payroll process. As employers you are the controller of personal data on your employees, and as your HR- and BPO outsourcing partner, Zalaris is the processor of that employee data. GDPR applies to both data controllers and processors in the EU and organizations that target EU citizens, including transfers of such data to third countries and international organizations. This means that we must work together to ensure appropriate safeguards are in place.

What will be covered during this seminar?

As a trusted data processor and partner for our customers, Zalaris is turning up the speed in preparations for the increased demands that this role requires. Our seminar is specifically tailored to the controller-processor relation, with the aim of building a common foundation on which to work together.



09.00 – 09.15 Arrivals, Registration and Coffee
09.15 – 09.30 Welcome and Agenda by Zalaris
09.30 – 10.00 General understanding of GDPR through specific examples and realistic situations. Presentation by EY
10.00 – 10.30 Difference between the current personal data act and the GDPR, and consequence for your organization. Presentation by EY
10.30 – 10.45 Clarification of your role as a controller and Zalaris’ role as a processor. Presentation by EY
11.00 – 12.00 The journey of personal data from your organization to Zalaris and the challenges along the way. Presentation by Zalaris
12.00 – 12.30 What Zalaris is doing to prepare ourselves as a processor through gap assessment, awareness and BCR (Binding Corporate Rules). Presentation by Zalaris and EY
Lunch and mingling
13.30 – 14.00 GDPR seen from a local Data Protection Authority perspective. Presentation by The Norwegian Data Protection Authority (Datatilsynet)
14.00 – 15.15 Selected scenarios and client cases for how we apply the new GDPR requirements.

Presentations from two Clients


15.15 – 15.30


15.30 –




Possibility for client specific discussions with your client contact in Zalaris and GDPR professionals to discuss the situation of your company and our collaboration on this topic.



Please sign up in the questback registration