
What is Data Protection Day?

Did you know that the right to privacy in the digital world is a human right? Still, many people lack knowledge about how their personal data is being collected, used, and shared. That is the focus of the Data Protection Day that takes place on January 28th.

Data Protection Day is celebrated internationally on January 28th each year in order to promote privacy and raise awareness on best practices when it comes to data protection. 

The day focuses on raising awareness among individuals, businesses and consumers of how we can better protect our data and private information in the digital space. 

Why is this an important initiative? Many people still lack education and knowledge about how their personal data is being collected, used, and shared. The goal is, therefore, to inspire people to take action to better protect their personal information online, especially on social media. 

Did you know that your privacy and data online are protected by Article 8 of the European Convention on Human Rights? This illustrates the importance of the topic, and why it should not be taken lightly. 

How can you as a consumer become better at protecting your data?

As a consumer, it is important to make informed and educated decisions when sharing your personal data, especially with businesses. Your personal data, such as age, gender, purchase history, location, and so on, has great value, so keep that in mind when deciding what you share and with whom. 

The same goes for downloading an app: You’re often required to give the app owner access to certain information in order to use it, such as your list of contacts, location, health data, photos, and microphone. 

Sometimes, this is not relevant information for the service offered. In those situations, you should consider what you’re comfortable sharing, look into the terms of service, and manage your privacy settings.

Companies, on the other hand, need to make sure that they keep their customers’ data protected at all times and in accordance with current regulations. The same goes for their vendors and partners. 

A breach where customer data is leaked can lead to a loss in both reputation and customer trust, in addition to the financial loss which can be just as devastating to a business.

Risk should always be managed, and in order to create trust, the company should be transparent on how the business is collecting, using and sharing end users’ personal data.

How does Visma work with privacy and data protection?

Visma is committed to safeguarding the data we are trusted with from our customers, employees, and contact persons. As a European corporation, we are subject to European privacy legislation, including the General Data Protection Regulation (GDPR).

Here are the three most important long-term actions we take in relation to privacy and data protection: 

  • Security awareness training of our employees
  • Systematic focus through our internal security assessment that continuously audits the data protection skills and abilities of our services
  • Monitoring of progress (index) of the work we do within security and data protection 

Let’s dig a bit deeper into how we specifically work with data protection in Visma: 

Organisational commitments demonstrate that we take data protection seriously

What initiatives do we carry out to ensure top focus on security and data protection? Here is an overview:

  • Dedicated privacy resources on both group level and company level

Every Visma company is tied to a privacy resource, also known as a Data Protection Manager (DPM). In addition, a legal counsel has been assigned at the organisation group level: the Visma group Data Protection Officer (DPO). Together with the corporate compliance team, the DPO is responsible for all DPMs and data protection in Visma.

  • Independent Visma Privacy Council

We have also established the independent Visma Privacy Council, where all divisions and business interests are represented. Led by the DPO, it monitors compliance with GDPR and makes all strategic decisions regarding data protection in Visma. Monthly meetings have been held since 2016.

  • Subscription management centres and privacy support emails

We have established subscription management centres where external contact persons can manage, edit and delete their personal data in relation to marketing. Moreover, dedicated privacy support email addresses have been established to handle customer or data subject questions and requests.

  • Building a strong security culture internally

We are continuously running campaigns and activities to build a strong privacy culture among our employees, to promote a proactive approach to privacy. 

  • Streamlining audit reports, certifications and other generic information

We are using the current requests and questions from customers on privacy audits to predict how we can streamline audit reports, certifications and other generic information to customers.

  • Fulfilling the information security requirements brought by GDPR (General Data Protection Regulation). 

We have a strong security culture going back to before GDPR and have a dynamic approach to this aspect of the business. We fulfil the information security criteria brought by the GDPR (Article 32).

Investment in training increases knowledge and affects our behaviour

What specific training and awareness activities do we run?

  • Visma employees are enrolled in the Visma mandatory privacy e-learning course
  • DPMs have dedicated communication channels and workshops
  • Stakeholders in a potential privacy breach, in particular development, operations and customer account managers, are drilled and included in the incident response routine.
  • The privacy and security incident response routine is operated by a dedicated team that assists with everything from initial notification of stakeholders of an incident to final lessons learned sessions. This way, Visma is able to fulfil all legal requirements tied to notifying data protection authorities, customers or data subjects of a privacy breach in an efficient, professional and smart manner.

Understanding the personal data we process, how we process it and the risk of it

How do we work as a Data Processor and Data Controller?

Visma as Data Processor

The services and products that we offer are subject to a security and privacy self-assessment regime in order to meet the commitments we take on as data processors towards our customers.

Moreover, the self-assessment regime maps out privacy abilities, skills and weaknesses, assesses risk and facilitates its mitigation, in addition to covering a series of security areas.

Lastly, mitigation is systemised in a ticketing system and monitored through a live index to ensure progress and detect bottlenecks.

Visma as Data Controller

We do internal control documentation each year to check the processing routines of personal data, both the data that belongs to our employees and to our customers. 

The purpose is to ensure transparency towards data subjects on how we process their personal data, also demonstrated through the Visma Privacy Statement (customer contact persons) and the Personnel handbook (for employees).
