Case: Brøndby Kommune
Saving time and resources by taking a systematic approach to becoming GDPR compliant ahead of the deadline.
Like all other public and private organisations, the municipality must address the personal data rules, that is, the General Data Protection Regulation (GDPR).
“We take the handling of personal data very seriously, and, of course, we must also comply with the new regulations. Not because we are afraid of incidents, but because our citizens must feel secure with us”, says Marianne Bo Krowicki, DPO in Brøndby Municipality.
From the outset, Brøndby Municipality chose to rely on a spreadsheet to manage the GDPR effort. But it quickly became clear that – in Marianne Bo Krowicki's words – “it was very confusing and rather inefficient”.
So instead, the municipality launched a process in which our GDPR tool is used to identify areas in which personal data is managed, to systemise data handling and to document the work in accordance with the new regulation.
“The tool is easy to use for the employees even after just one workshop, and the work is progressing surprisingly fast. We are almost done with the Personnel Department, after which we will continue with the Social and Health Administration in February, then comes the Child, Culture and Sports Administration, the Technical Administration and finally our own Central Administration. This means we will be ready in due time before the new GDPR becomes effective as of May 25th”, Marianne Bo Krowicki states.
A complete overview of data and security
Once the work is completed, the administration will have a complete overview of where sensitive personal data is handled and which security measures protect it.
“We are working through everything and, at the same time, we are checking whether personal data is kept, for instance, on file drives or other places where they should absolutely not be stored. The Administration themselves get to work hands-on with the substance, get things sorted out and become aware of whether or not they are doing things right. This can, for instance, mean whether all data processor agreements are in place, who information is exchanged with, and other practical and formal circumstances which one might otherwise not think much about on a daily basis. We get our definitions honed and work through everything. It is most reassuring”, says Marianne Bo Krowicki.
The certainty of having all legal aspects in place
She originally became aware of RISMA's GDPR tool during a course run by the law firm Plesner and decided to give it a try.
“I have great respect for Plesner, and they were deeply involved in developing the tool, so this was in fact our guarantee that all the legal aspects were in place. Thus, if we were to take our starting point here, we would become compliant and avoid surprises to as great an extent as possible”, Marianne Bo Krowicki says.
Brøndby Municipality has chosen to take a thorough approach to the GDPR work, and she does not think they are going too far.
“Of course, this tool is not free, but the price seems very fair. Especially because it aids us in saving time and quite a lot of resources by systemising the effort and getting things done right the first time around.”