Privacy

When you use services from Visma, you entrust us with your data. People will not use technology they do not trust, and for us, privacy and data protection is an important consideration in building that trust. We protect your privacy through organisational, technical and physical measures based on strict policies and standards.

Our Privacy page describes how Visma processes personal data, and further information specific to our software products can be found in the relevant terms of service. Please do not hesitate to get in touch with us at trust@visma.com, should you have further questions.

General Data Protection Regulation

The General Data Protection Regulation (GDPR), a new EU-wide law, is set to come into effect on the 25th May 2018. It is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy. For more information about the GDPR, please refer to the EU’s GDPR Portal.

The GDPR strengthens the rights of individuals with respect to personal data. This means that Visma, as a software service provider, must strengthen the security measures that protect the personal data of our customers and individuals registered in our systems, as well as the features that enable our customers and individuals that use our services to exercise their rights.

It also means we must design our systems so as to enable you, our customers, to meet your obligations as the data controller for the data you process using our systems and services.

Visma naturally sets out to ensure that all of our software services, to the very best of our efforts, are compliant with the GDPR. Therefore, we have designed a comprehensive framework specifically with the GDPR in mind, comprised of the following main components:

  • Training for our employees
  • Privacy and data protection built into development and production
  • Dedicated data protection manager
  • A revised data processing agreement

Employee Training

All personnel in Visma completed a two-part mandatory e-learning course on privacy and data protection in 2017. In addition, specialist and key roles and teams receive additional training and support, tailored to their needs and requirements. Examples include security engineers, security and integration teams, and teams working with systems that handle sensitive data.

Privacy built into development and production

Key requirements and principles from the GDPR are currently being built directly into our production and quality management systems, such as:

  • Privacy governance framework
  • Risk assessments, including privacy impact assessments
  • Detailed data classification
  • Deletion, correction and return of data
  • Access and authorisation
  • Encryption, pseudonymisation and anonymisation
  • Operational procedures, such as:
    • Data access requests
    • Incident and breach management, including notification
    • Third party management, including data processing agreements with our subcontractors
  • Privacy by design

We will also provide a system by which you as a customer can easily request information about how the services you use, or wish to use, comply with the GDPR.

Dedicated Data Protection Manager

The Data Protection Manager is an internal role modelled after the Data Protection Officer role in the GDPR, and works full time with privacy. Most of that time is spent assisting development teams in assessing privacy requirements and issues at the application level, as well as, for example, handling data processing agreements.

The Data Protection Manager also works closely with the security organisation and other data protection managers (each company in Visma has one).

The Data Protection Manager reports to the Visma group’s Data Protection Officer and divisional management.

Revised data processing agreement

We are revising the data processing agreements for all our software services in order to align them with the GDPR. All software services that comply with the framework described above will have the same data processing agreement, whose terms are thus based directly on a thorough technical and organisational system of security and privacy compliance.

As part of this work, we will also provide information here on the Trust Centre about your duties as a “data controller” under the GDPR, to enable and support you when using software services from Visma.

Status and more information

We will update the Trust Centre with more details and information as we get closer to May. At the moment, we are hard at work ensuring that our software services meet your requirements, and those of the GDPR.

If you require more information in the meantime, please do not hesitate to contact us at trust@visma.com
