
Data Protection Day 2022

by Andreas Witzøe

Data Protection Day is celebrated internationally on January 28th each year to promote privacy and raise awareness of best practices in data protection. The day focuses on making individuals, businesses and consumers aware of the importance of protecting their data and private information in the digital space.

 

Many people have not been educated about, and are thus unaware of, how their personal data is being collected, used and shared. The day therefore has an educational focus, with the goal of inspiring people to take action to protect their personal information online, especially when it comes to social media presence. Your privacy and data protection online are important to keep in mind at all times, and they are also protected by Article 8 of the European Convention on Human Rights. They must therefore not be taken lightly.

How does Visma work with privacy and data protection? 

Visma is committed to safeguarding the data we are trusted with by our customers, employees and contact persons. As a European corporation, we are subject to European privacy legislation, including the General Data Protection Regulation (GDPR).

 

The three most important - long term - actions we take are related to training of our employees, systematic focus (through our internal security assessment that continuously audits the data protection skills and abilities of our services) and monitoring of progress (index) of the work we do within security and data protection. This is further described below. 

 

Organisational commitments demonstrate that we take data protection seriously 

  • Every Visma company is tied to a privacy resource - a Data Protection Manager (DPM). 
  • Visma has assigned a Visma group Data Protection Officer (DPO) who, together with the corporate legal team, is responsible for all DPMs and data protection in Visma. 
  • Visma has established the independent Visma Data Protection Council, where business interests are represented. It is led by the DPO, monitors compliance with GDPR and makes all strategic decisions regarding data protection in Visma. The Council was established in 2016 and meets regularly throughout the year. 
  • Visma will continue to build a strong privacy culture among our employees, in order to promote a proactive approach to privacy among employees.
  • Visma is using the current requests from customers on privacy audits and questions to predict how we can streamline audit reports, certifications and other generic information to customers. 
  • Visma has a strong security culture, as it did long before the GDPR, and has a dynamic approach to this aspect of business. 

 

Investment in training increases knowledge and affects our behaviour 

  • Visma employees are enrolled into the Visma mandatory data protection e-learning course 
  • DPMs have dedicated communication channels, meetings and workshops 
  • Stakeholders in a (potential) privacy breach, in particular development, operations and customer account managers etc., take part in the incident response routine. 
  • The incident response routine is operated by a dedicated team of security experts that assists with everything from initial notification of stakeholders of an incident to final lessons learned sessions. This way, Visma is able to fulfill all legal requirements tied to the incident handling. 

 

Understanding the personal data we process, how we process it and the risk of it 

Visma as Data Processor 

  • Services and products that Visma offers in the market are subject to a security and privacy self-assessment regime in order to meet the commitments we take on as data processor towards our customers. 
  • The self-assessment regime maps out the privacy abilities, skills and weaknesses, assesses risk and facilitates mitigation of risk, in addition to a series of security areas.
  • Mitigation is monitored through a live index to ensure progress and detect bottlenecks. 

 

Visma as Data Controller 

  • Processing of personal data about Visma employees and customer contact persons is subject to an internal control system according to GDPR requirements. The purpose is to ensure transparency towards data subjects on how we process their personal data, also demonstrated through our Privacy Statement (customer contact persons) and internal routines (employees). 
  • Please also refer to Visma’s Trust Centre where we have published our privacy statement and other relevant privacy information: https://www.visma.com/trust-centre/privacy/

Some tips on how to become even better at data protection? 

As a consumer, it is important to make good decisions when sharing your personal data, especially with businesses. Your personal data, such as age, gender, purchase history, location, etc., represents great value, so keep that in mind when deciding what you share and with whom. The same goes for downloading an app: you are often required to give the app owner access to certain information in order to use it, such as your list of contacts, location, health data, photos, microphone, etc., and sometimes this is not relevant for the service offered. In this case, you should consider what you're comfortable with sharing, look into the terms of service and manage your privacy settings. 

 

Companies, on the other hand, need to make sure that they keep their customers’ data protected at all times and in accordance with current regulations. The same goes for their vendors and partners. A breach where customer data is leaked can lead to a loss of both reputation and customers’ trust, in addition to the financial loss, which can be just as devastating to a business. Risk should therefore always be managed, and in order to create trust, the company should be transparent about how the business is collecting, using and sharing end users’ personal data.