GDPR does not have to be complicated or uncertain. We make the regulations understandable and help you put them into practice, so that you can feel confident about how personal data is handled in your organisation.
Challenge
The GDPR requires companies to have clear documentation of the systems that handle personal data, as well as an elaborate strategy for raising awareness and competence of both management and staff on GDPR issues.
Questions that Norrbil asked us to answer were:
- What type of personal data is processed in each system?
- Who has access to the personal data?
- Who is responsible for ensuring that personal data is processed lawfully?
- How do you ensure that handling remains safe?
- What policies need to be developed to know when, how and who should act if, for example, personal data is to be deleted?
Solution
We interviewed staff on site to get demos of all systems and understand the day-to-day operations. This resulted in the following:
- Analysing the current situation A report that clearly indicates where to allocate resources to make progress on GDPR
- Mapping Both by systems and various documents that answer the questions above
- Documentation Digitally stored in customised personal data processing system
- Education and training For all staff on what the GDPR means including IT security
- Next steps report Including tips and advice for safer handling of personal data and a plan for how Norrbil should proceed internally
Outcome
Following the project Northern car obtained a complete and digitally documented overview of all personal data management, with clear guidelines on responsibilities and access. The company has identified where resources need to be deployed to strengthen GDPR compliance and security in daily operations. At the same time, staff awareness and competences around data protection and IT security have increased, leading to more consistent compliance. With the action plan and concrete recommendations that have been developed, Norrbil now has a safer and more structured handling of personal data, which reduces risks and facilitates daily work.
