General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy. The enforcement date was 25th of May 2018 for all EU countries. Norway, not being part of the EU, will have to convert the EU regulations into national law.

Who does the GDPR affect?

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

How is Visma preparing for GDPR?

Visma naturally sets out to ensure that all of our software services, to the very best of our efforts, are compliant with the GDPR. Therefore, we have designed a comprehensive framework specifically with the GDPR in mind, comprised of the following main components:
  • Training for our employees
  • Privacy and data protection built into development and production
  • Dedicated data protection manager
  • A revised data processing agreement

What constitutes personal data?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Visma, as a provider of cloud and on-premises software, focuses heavily on this area to ensure our customers will be able to comply with the new regulations. This document provides guidelines for the Visma Business product line on how to set up the system in a way that supports the new requirements according to GDPR. However, Visma Business is a very flexible and highly customisable ERP system. Each company may use the system differently and may store different types of data in the various Visma solutions.

It is also important to understand that software/tools do not have to comply with GDPR; it is always the company that needs to ensure that all processes, including the way they use their software/tools, comply with the principle of GDPR.

Following this document alone cannot be used as acceptance criteria for GDPR compliance. It is very common that other systems (non-Visma systems) are in use and store either personal or sensitive data. Each company needs to verify its own practices when using the Visma Business product line or other systems and verify that it has a process in place which is in line with the new regulations.

This document will focus on what needs to be considered when running the Visma Business product line with the following products:
  • Visma Business
  • Visma Business Regnskapsbyrå
  • Visma User Directory
  • Visma Document Center

Visma Business or Visma Document Center are often connected with Visma.net cloud services like Visma.net AutoInvoice, Visma AutoPay or Visma.net Approval. Over the upcoming years we will see even more functionality moving from the on premises software to cloud solutions. This document covers the guidelines for connecting to these services in a secure way.

More information about security and privacy is available in Visma Trust Centre (https://www.visma.com/trust-centre/).


