Organisation and Privacy Culture

The Visma group has an extensive compliance framework to ensure security and privacy. This includes policies, guidelines, audits, a corporate Chief Information Security Officer, Data Protection Council (Council), Data Protection Officer (DPO) and Data Protection Managers. 

The responsibility to ensure that Visma acts according to applicable privacy legislation has been delegated to the DPO, an independent formal role described in the GDPR. The person appointed is a lawyer and Visma employee, and he is the main contact point for any data subject or customer in privacy matters. The DPO facilitates the privacy work in Visma. All strategic decisions regarding privacy are governed by the Council in order to ensure transparency and accountability.

All companies in Visma are subject to the framework and organisational requirements outlined above. Each company is tied to a Data Protection Manager resource that continuously reports to and co-operates with the DPO to solve everyday tasks. In addition, all companies report to the Council on matters such as progress on mandatory privacy training, internal control, incidents and compliance with the corporate policies. The Council in turn reports to Visma group management and Visma’s owners.