Here are some specific services in this area Legal compliance.
Legal compliance
Sustainability reporting
Since the beginning of 2017, large and medium-sized Swedish companies have been obliged to produce sustainability reports.
The sustainability report shows that the organization is achieving long-term sustainable development. By law, the sustainability report must contain information on the environment, social conditions, personnel, respect for human rights and anti-corruption. The sustainability report also describes how your organization works with these issues to achieve better results.
We can help you produce a sustainability report that meets the requirements.
The EU's new sustainability reporting directive, CSRD, will enter into force in 2024 and will gradually cover more and more companies. CSRD stands for Corporate Sustainability Reporting Directive. The directive imposes stricter requirements on companies' sustainability reporting.
Working environment and labour law
GDPR - General Data Protection Regulation - Data Protection Regulation
Advice on GDPR, health and safety and sustainability
Our lawyers can help you with advice and investigations within GDPR, work environment and sustainability. Through our different competencies, we get a holistic perspective that connects business and law. This means that we can create practical solutions that we can also help you implement in an effective way.
Whistleblowing
As of December 17, 2023 all companies with more than 50 employees mustimplement a whistleblowing function that meets therequirements of the new law. The Qbase anonymous whistleblowing function helps you meet the new requirements.
Whistleblowing is when a person raises the alarm about misconduct within an organization. The new whistleblowing law will contain a number of new detailed requirements that many organizations will have to take into account. For example, all employers with more than 50 employees will have to set up a whistleblowing system.
We can help you develop a workable end-to-end solution including:
- An anonymous whistleblower function through a direct reporting channel to our health and safety lawyer.
- Procedures
- Training and embedding with management and staff
Want to know more?
Fill in the form below and we will tell you more.
GDPR - the General Data Protection Regulation - is an EU-wide regulation that aims to create a uniform and equivalent level of protection of personal data so that the free flow of data within Europe is not hindered.
If an organization fails in its processing of personal data, it may have to pay a so-called administrative fine of up to €20 million or 4% of its global turnover.
We at Qbase have solid knowledge about GDPR and what is required to comply with the regulation.
We help companies, organizations, authorities and housing associations to comply with GDPR.
Qbase offers projects for implementation and training in GDPR.
We have a GDPR-focused lawyer in our organization who can help with, among other things, legal advice and investigations.
To take your GDPR work to the next level and ensure that you have a secure IT environment, we offer Qbase Cybersecurity. We make a vulnerability analysis to see how your IT environment lives up to good cybersecurity. The analysis covers both hardware, software and working methods. If you want to read more about it, you can do so here.
External DPO as a service
Organizations processing personal data are in some cases required to appoint a data protection officer (DPO).
The main role of the DPO is to continuously review the compliance of the organization's personal data processing with the requirements of the GDPR.
By hiring Qbase as a data protection officer, you ensure the availability of expertise and experience in the field while meeting the requirements of the GDPR.
When is a Data Protection Officer needed?
Many organizations need to appoint a data protection officer to comply with the GDPR. A data protection officer must be appointed:
- When authorities process personal data
- When the core activity consists of processing on a large scale and requires regular and systematic monitoring.
- When core activities consist of large-scale processing of special categories of data or criminal convictions and infringements.
How do we work?
Our role as DPO is based on the basic requirements of the General Data Protection Regulation regarding the minimum information a DPO should have. In addition, we adapt the role to your specific needs.
A DPO must always at least have the task
- informing and advising the PUA or PUB and the employees processing personal data on their obligations under this Regulation
- Monitoring compliance with this Regulation and with the PUA or PUB's personal data protection policy, including the allocation of responsibilities, information and training of staff involved in processing and related audits
- Advising on request on the data protection impact assessment and monitoring its implementation.
- Working with the supervisory authority
- Acting as a point of contact for the supervisory authority on issues related to processing.
We often see a need among our customers to, in addition to the basic requirements, also get support with the development and updating of procedures for a functioning GDPR work and support in the work on incidents.
A good start to our cooperation is that we conduct an initial gap analysis to see where the work may be lacking. We can then plan our work based on risk, which is in line with GDPR guidelines.