Connecting IT systems and processes future-proofs the compliance strategy
The design company Kvadrat has chosen to base its choice of GDPR solution on existing business processes and IT systems.
Kvadrat, a leading Danish design company, has implemented RISMA’s GDPR solution to address the challenges of efficiently managing GDPR compliance. As a company with several subsidiaries and an extensive network of distributors in different countries, it is vital for Kvadrat to protect personal data and comply with legislation.
Christina Okholm, Legal Counsel at Kvadrat, is responsible for ensuring that the company be able to solve the compliance tasks assigned to different departments and subsidiaries. Her approach involves thoroughly understanding the company’s business processes and IT systems and prioritizing them in cooperation with the company’s compliance partners.
The importance of the interaction between business processes and IT systems in GDPR compliance
For Christina Okholm it is crucial to acknowledge that GDPR compliance cannot be solved exclusively by legal departments. An effective solution requires an in-depth understanding of the company’s business processes and their connection to IT systems. GDPR compliance is not just about having the right policies and procedures, but to a great extent about identifying, processing and transferring personal data between different systems and departments.
GDPR compliance cannot be solved exclusively in a legal department. The tasks require in-depth knowledge of the company’s business processes and its interaction with IT systems. GDPR is also very much about managing IT systems, so it is important to address both components.
For Christina Okholm, this means continuously ensuring that the company’s IT systems and business processes be in compliance with GDPR requirements and that there be an ongoing dialogue between the system owners and compliance partners.
The need for centralized work reporting
Previously, Kvadrat used Excel spreadsheets to manage and document GDPR-related actions, including risk assessments and GAP analyses. It was challenging to use Excel to manage and document actions such as risk assessments and GAP analyses, and to carry out other tasks.
You can solve a lot with Excel sheets: you can make your risk assessments, make a questionnaire, make a GAP analysis. However, you cannot create a total report.
Christina Okholm has therefore focused on future-proofing the company’s GDPR work and creating centralized work reporting where compliance partners can work with several areas in the same system. This includes securing data processing agreements with data processors and handling deletion policies that vary from country to country. She adds:
It makes it easier that I'm not the one who has to send emails to people in the organization to ask whether they have remembered to have a specific action documented, e.g., a deletion. Then it’s better that it happen automatically with a check in the system that helps me
Based on the complexity of Kvadrat’s existing GDPR work and requirements for centralizing work reporting, Christina Okholm chose to implement RISMA’s GDPR solution to meet the company’s current and future needs.
RISMA’s GDPR gathers all documentation in one easy to access and intuitive place, and that is one of the reasons why we went on with RISMA.
Future-proofing the company’s compliance strategy
Implementing the GDPR solution helps the company comply with GDPR regulations, streamline workflows and document their compliance. It has also been a flexible solution capable of being integrated into the company’s existing IT systems.
Effectively managing GDPR compliance is essential for any company that wants to protect personal data and comply with legislation.About Kvadrat
Kvadrat was established in Denmark in 1968 and has deep roots in Scandinavia’s world-famous design tradition. Kvadrat is a leader in design innovation and produces high-performance design textiles, carpets, window coverings and acoustic solutions for both commercial and residential interiors.