Trust Centre
Trust Centre
Data Protection Program
To ensure all of the companies we own focus on data protection as part of their daily business and delivery of services, each company has appointed a Data Protection Manager (DPM), who is responsible for data protection in their company. When required, the company has registered a Data Protection Officer (DPO) with the local authority.
The Visma Group Legal & Compliance Team assists and advises the DPMs in their daily work with data protection. The Group Legal & Compliance Team reports regularly to the Board of Directors through the Risk Audit Committee.
Policies and guidelines
The Visma Group Legal and Compliance Team supports the companies we own with an extensive set of guidelines, checklists, templates and tools to help them in ensuring compliance.
Our privacy policies instruct employees how to act when processing personal data – both from the customers of our companies and internally owned data. This is also set out in the Visma Code of Conduct.
Our privacy policies instruct employees how to act when processing personal data – both from the customers of our companies and internally owned data. This is also set out in the Visma Code of Conduct.
Risk, maturity and monitoring
The products and services of the companies we own are constantly evolving. To ensure we comply with applicable data protection legislation - while also meeting our customers expectations - Visma has implemented an internal assessment program. The assessments give us insight into the actual risks related to the products / services, and to how Visma companies comply with applicable legislation.
Most of the products / services we launch to the market are reviewed annually through a mandatory assessment where data protection and similar legislation is given the largest focus. The assessments consist of detailed requirements with questions and answers, and non-compliance matters are followed up through tickets.
Most of the products / services we launch to the market are reviewed annually through a mandatory assessment where data protection and similar legislation is given the largest focus. The assessments consist of detailed requirements with questions and answers, and non-compliance matters are followed up through tickets.
⏵ Compliance assessment
This assessment documents compliance status and identifies risks. It allows us to track what kind of data is processed, how it is processed, how it is protected and with whom it is shared – helping us implement measures to prevent incidents before they occur.
⏵ Monitoring
Most of our products and services are governed by a security and compliance regime that monitors, measures and flags risk. The monitoring runs automatically, 24/7, through an internal index where anyone within the group – at any time – can view the status of our products and services from a data protection and security perspective.
Incident handling
In the event of an incident in a Visma company and/or one of our products/services, our Global Security Operation Center (GSOC) – including the Visma Group Legal and Compliance team – initiates the incident response procedure.
The GSOC team is specialised in handling security and privacy incidents. Together with the team responsible for the specific product and/or area of business, the incident is further handled and closed. In this way we can respond quickly and timely to incidents, mitigate risks and ensure customers receive accurate information during the incident handling.
The GSOC team is specialised in handling security and privacy incidents. Together with the team responsible for the specific product and/or area of business, the incident is further handled and closed. In this way we can respond quickly and timely to incidents, mitigate risks and ensure customers receive accurate information during the incident handling.
Awareness and training
The legal environment is rapidly changing and new laws and regulations take effect to control the collection, use, retention, disclosure and disposal of personal data and information.
Simultaneously, the rate of cyber attacks, data breaches and unauthorised use of data is growing. This makes it more important to understand the rights and obligations of individuals and organisations with respect to personal data and customer data.
On this basis, all Visma employees are subject to annual data protection awareness training. In addition, dedicated training is available for specific groups of people like support personnel and our DPMs (Data Protection Managers).
Simultaneously, the rate of cyber attacks, data breaches and unauthorised use of data is growing. This makes it more important to understand the rights and obligations of individuals and organisations with respect to personal data and customer data.
On this basis, all Visma employees are subject to annual data protection awareness training. In addition, dedicated training is available for specific groups of people like support personnel and our DPMs (Data Protection Managers).
Confidentiality
When businesses trust us with their data, they also need to know that we will treat the data with the necessary level of confidentiality. All of our employees have confidentiality clauses in their employment contracts – and when they leave, their duty of confidentiality remains.