Trust Centre

Privacy

Data Protection Program

To ensure all Visma Companies focus on data protection as part of their daily business and delivery of services, each company has appointed a Data Protection Manager (DPM), who is responsible for data protection in their company. When required, the company has registered a Data Protection Officer (DPO) with the local authority.

The Visma Group Legal & Compliance Team assists and advises the DPMs in their daily work with data protection. One person in the team has the official role as DPO for the Visma Group functions. The Group Legal & Compliance Team reports regularly to the Board of Directors through the Risk Audit Committee.

The Visma Compliance Council is the advisory body for Visma Group and its companies regarding compliance with EU laws and regulations. The GDPR is given extra attention because Visma is a software provider that processes a large volume of personal data and has more than 15.000 employees throughout Europe and Latin America.

Policies & Guidelines

The Visma Group Legal and Compliance Team supports the Visma companies with an extensive set of guidelines, checklists, templates and tools to help the companies ensure compliance.

Our privacy policies instruct employees how to act when processing our customers' personal data and our internally owned personal data, and this is also pointed out in the Visma Code of Conduct. 

Risk, maturity & monitoring

The Visma products and services are constantly evolving. To ensure we comply with applicable data protection legislation, while also meeting our customers' expectations, Visma has implemented an internal assessment program. The assessments give us insight into the actual risks related to the products/services, and into how Visma companies comply with applicable legislation.

Most of the products/services we launch to the market are reviewed annually through a mandatory assessment where data protection and similar legislation are given the largest focus. The assessments consist of detailed requirements with questions and answers, and non-compliance matters are followed up through tickets.

Incident handling

In the event of an incident in a Visma company and/or one of our products/services, our Global Security Operation Center (GSOC), including the Visma Group Legal and Compliance team, initiates the incident response procedure.

The GSOC team is specialised in handling security and privacy incidents. Together with the team responsible for the specific product and/or area of business, the incident is further handled and closed. In this way Visma can respond to incidents promptly, mitigate risks and ensure customers receive accurate information during the incident handling.

Awareness and training

The legal environment is rapidly changing and new laws and regulations take effect to control the collection, use, retention, disclosure and disposal of personal data and information.

Simultaneously, the rate of cyber attacks, data breaches and unauthorised use of data is growing. This makes it more important to understand the rights and obligations of individuals and organisations with respect to personal data and customer data.

On this basis, all employees in Visma are subject to annual data protection awareness training. The Visma goal is that at least 80 % of our employees take this training. In addition, dedicated training is available for specific groups of people like support personnel and our DPMs (Data Protection Managers).

Confidentiality

When customers trust us with their data, they also need to know that we will treat the data with the necessary level of confidentiality. All employees in Visma have confidentiality clauses included in their employment contracts, and when employees leave Visma, they are reminded that their duty of confidentiality remains.