A podcast with Stine Mangor Tornmark from Openli, and Alexander Høy from Raadgiver.dk, a consulting company offering advice on business and legal matters.
Stine interviewed Alexander to hear his perspective about what you should be aware of when starting an online business. In the podcast Alexander gives us some insights into his work at Raadgiver.dk, how they help start-ups, and tips on how you can ensure compliance when using cookies on your website.
The podcast is recorded in Danish, and you can read an English written translation of the transcript below.
My name is Alexander and I come from Raadgiver.dk, a company where we work with legal compliance, e.g. the GDPR rules, and a few other things like that. I am a legal and business consultant in that context, and also advise clients on economic matters. We work to give our clients an overview of current legislation with a financial perspective, and try to make the subject as easy to understand as possible.
We usually help newly started businesses and recently started businesses that need a legal or economic boost. We also have a few larger clients who need a one off solution, but our key customers are the ones who are just starting up. We help them with many things including corporate law, employment, and labour law, accounting, and also the GDPR.
Yes, exactly, well it is really about getting out there and doing something. If the authorities come by and see that you have been passive and done nothing, then they are more likely to impose sanctions or fines. So the more that you do, and the more you can implement the correct solutions in your company to be compliant, the better.
We start by getting an overview of the company. There are many things to think about when you are starting a business, so we need to figure out where we should prioritise our time. Depending on the type of business it is, we focus on key areas, which could be data for some companies, or if it is a webshop we might look at the Terms & Conditions, or if the company sells a service then we would focus on potential legal issues that could arise here.
It is very much dependent on the type of business the client has. We always strive to meet them at eye level and to keep things as simple as possible. If the client is interested, then we will teach them what they need to do, or we can solve the problem for them. We try to communicate with the clients about these things in an accessible way, so they also gain an understanding of how to do these things in the future.
The main thing for most start-ups is getting an overview, as there are many things to consider at this stage in the business. We typically begin with a meeting to identify what is important right now, and what to prioritise.
Yes, it is a part of the GDPR package we offer our clients, and cookies are very important in this regard.
In relation to cookies, most of our clients need help understanding the rules, it’s an area in steep development. Just a few months ago we got new guidelines from the authorities. Businesses have to keep up with these changes and recommendations as they come into force.
But, as soon as you start collecting user-data, or start placing cookies on website visitor's devices, then you have to start looking into the area. In this instance, we would talk to our clients about the types of consent they need to make sure that their cookie use is legal.
Yes, start by getting an overview of what your website does, and what type of cookies you are using. And then ask yourself, why are you using cookies? What do you need them for? And finally, have you got the right permission, and consent to collect this data. There are different types of cookies, and one of these is information-based. This helps the website determine, which language should be shown in the browser, which you don’t need consent for. But, if you are using cookies to collect analytical data or for marketing purposes, then you need to make sure you have the correct consent.
**You mention consent, is this something you see a lot of people doing the wrong way?
I see this very often, I would say at least 50% of all websites have an issue with meeting the consent requirements. You should obtain consent from your website user, before e.g., starting to track how they use the website.
There are a lot of risks involved in this instance. If you have obtained data from a website user without consent, then you might be breaking the rules, which can result in negative consequences such as sanctions and fines.
This is exactly the sort of thing we can help companies with. You must communicate clearly, precisely and comprehensively what the purpose of the consent is. It is not enough just to write, “By using our website, you accept our Cookie Terms and Conditions”. It has to be much more specific, so that the user knows what happens to the data. This is something we have seen in a number of cases. The rules state it must be just as easy to say no to cookies as saying yes to cookies. The data is worth a lot for companies, but you have to obtain it the right way.
If I had to focus on the essentials, then I would say that they need to:
Alexander studied business law and economics at Copenhagen Business School with a focus on the GDPR, and is a founding member of the non-profit organisation Danish DPO society. He has worked as a consultant and partner in Raadgiver.dk since 2017, focusing primarily on GDPR and privacy.
You can contact Alexander via the Raadgiver.dk website, if you are interested in hearing more about what he can do for your company.