May 13, 2019

Plastics company takes charge of their own GDPR effort

RISMA's GDPR solution facilitates the organisation, implementation and maintenance of full GDPR compliance for the Danish plastics and recycling company SKY-LIGHT

“Consultants and lawyers tend to turn GDPR into a big problem. I get calls on an almost daily basis from companies who would like to help us become compliant in due time - and who explain why we should pay them quite a lot of money to do it”, says CIO Dennis Østergaard from SKY-LIGHT.

“RISMA’s GDPR solution, however, makes it simple to approach the task by yourself. It gives you an overview of where your personal data is, how you can sort it efficiently, which processes to implement, and so forth. And everything is documented and logged on the way,” he points out.

Focusing on social responsibility

Few people outside of the plastics industry know SKY-LIGHT. Nevertheless, this Danish company’s products can be found in almost all European homes in the shape of boxes, canisters and lids which keep your yoghurt, pasta salad and paté fresh and appetizing in your fridge.

“We manufacture more than 550 million pieces of packaging and more than 25.000 tons of foil each year. But we are a part of the manufacturing chain even earlier because we also produce the plastics which the packaging is made of”, says Dennis Østergaard. A majority of the raw materials is recycled plastics derived from, for instance, old plastic bottles and waste material from other companies.

“SKY-LIGHT has one of the highest recycling percentages in the business, which harmonizes with our main vision of actively taking responsibility for the community and the environment. We gladly transfer this responsibility to other areas such as the GDPR. We do not just want to be compliant by May 25th. We also want to internalize the procedures and ensure that we will be treating personal data 100 % correct going forward”, Dennis Østergaard emphasizes.

”Personal data is found in surprisingly many places"

RISMA's GDPR solution is in its basic form an IT tool which guides a company through every step of the way towards full compliancy with the GDPR. In the relatively short period of time that SKY-LIGHT has applied the tool, they have come quite far.

“We have gathered all the information on where personal data is located in the company. At the moment, we are devising an action plan by using RISMA's GDPR solution to create an overview of where we are and which way we are going. We are not compliant yet (medio March, red) - but we are well on our way”, Dennis Østergaard concludes.

“During this process we were surprised to find that personal data can hide in many places. So quite a few skeletons have fallen out of the closets as we have sorted old personnel folders, customer service cases and all kinds of other things. But it is good to get it sorted. It sets your mind at ease”, he adds.

Tangible and impressively easy solution

Dennis Østergaard is “quite convinced” that SKY-LIGHT will become compliant in due time before the GDPR takes effect. In connection with this, he praises the tool for making GDPR tangible and easy to work with.

“RISMA is able to turn a rather unwieldy subject with a lot of complex legal aspects into a simple, guided process. It takes you by the hand and facilitates you to complete tasks in a clearly defined order, and after you have gone through this, you are compliant and can document it right down to the smallest details. And going forward, RISMA aids you in staying compliant. It is tangible, concrete and – when all is said – impressively simple,” he says.

Case SKY-Light_ GDPR solution_Compliance

We point out that our blog posts are neither comprehensive nor an absolute exposition of the compliance processes. RISMA Systems makes no guarantee that the information is accurate, up-to-date or complete, and the blog post must by no means be seen as legal advice. You are responsible for verifying that the information is in accordance with applicable law, if you are considering using it. All information is used at your own risk. RISMA Systems cannot guarantee full compliance with applicable laws and regulations, if you choose to follow the information in this blog post.


Keeping your compliance knowledge up to date