Case: Geelmuyden Kiese

May 13, 2019

Communications Company Documents Processes and Becomes GDPR Compliant

One of the largest communications companies in the Nordic countries – Geelmuyden Kiese – uses RISMA's GDPR solution to map their processes and structure their GDPR work. This saves in-house work hours, minimizes the need for expensive legal consultancy and simplifies GDPR management in years to come.

When companies and organisations launch a new product or project, they need a clear-cut strategy, precise communication to the public and often contact with political decision makers. This is where Geelmuyden Kiese enters the picture.

Under the slogan “We move power”, the 160 employees in the largest partner-owned communications company in Scandinavia work across interests, industries, target groups and borders. But Geelmuyden Kiese faced a new challenge when the GDPR made it necessary to document working procedures and data processing.

Several different processes created challenges

Executive guidelines, but that is not how it works for us. We have a flat hierarchy where our consultants are very close to the customers. Our counselling is tailored to our customers and the way they handle data, and this means that we have many ways to handle our data depending on how our customers work. So, in a nutshell, there is quite a large divergence between how the GDPR is chalked out to work, and how our company works”, says Markus Vickery, Nordic IT Manager of Geelmuyden Kiese.

Markus Vickery worked closely with the large Norwegian law firm Kvale all through 2017 to find a way to manage the GDPR project.

”We got a grip – that was what we were missing”

“At one stage, Kvale found out about RISMA's GDPR solution and recommended that we took a look at it. Our CFO and I had the solution demonstrated to us, and we quickly intuited that this might work. With RISMA's GDPR solution, we could systemize the work by following standardized questionnaires, build a structure for the company and import all our personal data processes. It was all very tangible”, says Markus Vickery.

“Broadly speaking – we got a grip on the process and saw results at the other end. This was exactly what we needed” he concludes.

Finding and closing the gaps has become easier

Over the past months, Markus Vickery and four of his colleagues have used RISMA's GDPR solution across the Nordic organisation to map and document the relevant processes. This has made the task of implementing the documentation requirements easier – and at the same time - has supplied Kvale’s legal consultants with quantifiable and structured information to work with.
“We supply material which Kvale’s lawyers can quickly and effectively run GAP analyses on and then give us feedback on how to make our procedures even better in order to be compliant”, says Markus Vickery.  

“It costs time and money to become GDPR compliant. But seen in relation to how much time is saved in-house – time, which our consultants now can spend on customers – by working efficiently with the processes, then we do not see the cost of RISMA's GDPR solution as large. The system has supplied us with good value and will continue to do so going forward, so it has been a very sensible choice for us”, he adds.

Good, positive and unanimous feedback on RISMA's GDPR solution

According to Markus Vickery, Geelmuyden Kiese has taken large steps forward in their GDPR process. He also estimates that RISMA's GDPR solution will facilitate complying with the many requirements of the GDPR in the years to come.  

“Basically, we were working in many different ways to become compliant. Now we have a single way. It is also an advantage that the solution can structure recurring tasks going forward. Amongst other things, the system reminds us when it is time to revisit data processor agreements or carry out other recurring tasks that the GDPR imposes”, he says.

Case Geelmuyden Kiese_GDPR Solution_Compliance

We point out that our blog posts are neither comprehensive nor an absolute exposition of the compliance processes. RISMA Systems makes no guarantee that the information is accurate, up-to-date or complete, and the blog post must by no means be seen as legal advice. You are responsible for verifying that the information is in accordance with applicable law, if you are considering using it. All information is used at your own risk. RISMA Systems cannot guarantee full compliance with applicable laws and regulations, if you choose to follow the information in this blog post.


Keeping your compliance knowledge up to date