Preparing for GDPR as Controller

Visma process data about employees and customer contacts/users. In a few occasions, we may also process data about others. This is natural when running a software business. Our main efforts making sure we are compliant, are related to being transparent.  Enabling our employees and customer contact persons to understand why, what, when and how their personal data are processed. Our customer contact persons will find this information in our Privacy Statement.

As a Controller, Visma maintains catalogues of our processing activities which is the core of our internal control system. These catalogues describe why, how and when we process personal data. This work is done on a legal unit level (Visma subsidiaries) supervised by the DPO, and is based on corporate policies and guidelines issued by the DPC.

We are also ensuring that all data protection agreements (DPA) with subcontractors are sufficient in terms of protecting the rights of data subjects, as well as complying with provisions for transfer of data outside the EU/EEA as set out in the GDPR.

Utilising the power of digital marketing technology is key to Visma going forward. This involves creation of interest profiles such that only relevant information can be presented to stakeholders. Visma protect the rights of persons being exposed to this by explaining what we do and ensure the legal grounds for processing personal data for this purpose. In addition we will increase efficiency for stakeholders wanting to adjust their interest profiles, as well as withdrawing consent.