With a background in software development comes the advantage of being able to build a GDPR tool yourself. At least that's what Karsten Markmann, Head of IT at Bizbrains, managed to do when he started in his role in 2017.
“I have a software developer background, so I built a solution for us internally. It didn't take that long. So, we used SharePoint and all the workflows in it to support the different processes. And we used that solution for quite a while.”
Karsten Markmann
Head of IT at Bizbrains
Among other things, the solution helped Bizbrains comply with the GDPR, which came into force the year after Karsten Markmann was hired.
He was the one who was awarded the GDPR hat because he had the full overview of the data and IT systems used by Bizbrains.
But the heavy, legal part of GDPR was also outside Karsten Markmann's comfort zone:
“I also realized that it would be a full-time job to keep up with changes in legislation - and to implement them in our solution. We could also see that SharePoint was quickly falling short when it came to delegating GDPR tasks and other necessary functions.”
Karsten Markmann
Head of IT at Bizbrains
Due to the limitations of SharePoint and the manual work, Karsten Markmann had no doubt that Bizbrains needed a different GDPR solution.
“The other platforms were similar to what I had built myself”
Karsten Markmann required the new compliance solution to have legal weight and more advanced features to replace - and outdo - Bizbrains' current solution:
“We needed to find a supplier who had built a product not because they had a software background, but because of their legal knowledge in the field - and that's where I could see that ComplyCloud was significantly different from many others. The other platforms were similar to what I had built myself.”
Karsten Markmann
Head of IT at Bizbrains
To Karsten Markmann, it was clear that lawyers are the architects behind ComplyCloud and that it is built on - and constantly follows - legislation.
This added value gave peace of mind not 'only' to Karsten Markmann and Bizbrains, but also to both potential and existing customers.
Ready with legal documentation when customers ask for it
Bizbrains' need for the legal pillar that ComplyCloud is built around comes from the requests that Bizbrains receives from its primary customers, that is, enterprise customers:
“We often have a dialogue with our customers' legal department. That's why it's super important to me that I can accommodate them and deliver something in their 'language.' This is the case, for example, when we do Transfer Impact Assessments - or TIAs - which ComplyCloud also supports.”
Karsten Markmann
Head of IT at Bizbrains
A TIA (Transfer Impact Assessment) is a process of assessing the impact on data security when sharing personal data with a country outside the EU/EEA. It’s about ensuring that personal data is protected when sent to countries that may not have the same data protection laws as the EU.
With TIAs in hand, Bizbrains could prove that they had mitigating measures in place, had the risk part under control, and that everything was encrypted. And with that documentation, they could ensure their customers' confidence in choosing Bizbrains as a partner.
“If you search the web for answers on how to do a TIA, you've embarked on a mission impossible. So, it was decisive for me that ComplyCloud had it as a document that we could tailor to our business. And that has actually won us a lot of customers.”
Karsten Markmann
Head of IT at Bizbrains
Before Bizbrains got ComplyCloud, the legal process could feel like a tug of war:
“The lawyers we were in contact with at our customers always needed to clarify something new or to go into more depth. Thus, the legal matters took blood, sweat and tears before we won new customers. That hurdle is at an absolute minimum now that we have ComplyCloud.”
Karsten Markmann
Head of IT at Bizbrains
A compliance solution that can ‘work magic’ - and pave the way for an ISAE 3000
One feature that has accelerated compliance work and, not least, made it documentable for Karsten Markmann is ComplyCloud's document generator:
“ComplyCloud's wizard-driven document generator makes all the difference for us. When you answer one question, it takes you to a new question and shuts down other questions, so I only have to focus on what's relevant to us. That was one of the reasons why it became ComplyCloud.”
Karsten Markmann
Head of IT at Bizbrains
The fact that Bizbrains got their GDPR compliance so well under control also meant that Bizbrains didn't hold back on making all their hard work pay off.
They reached out to Deloitte, one of the world's largest auditing and consulting firms, to get an ISAE 3000 audit report as official proof of their credibility to Bizbrains' customers:
“Because of ComplyCloud, we had all documents ready for an audit - from processing activities to data processing agreements. We were tested on several control points. That way, we could easily see where there were gaps - and just as easily close them by setting up the right processes. So, with ComplyCloud, we got an ISAE 3000 audit report.”
Karsten Markmann
Head of IT at Bizbrains
As Karsten Markmann explains, compliance efforts have not 'only' paid off in terms of an ISAE 3000 audit report, but also in day-to-day work in the long term:
“The processes we got a handle on regarding the audit have been saved in ComplyCloud. Among other things, in the annual cycle of work. By that, we’re sure that tasks are automatically assigned to the respective employees who need to follow up. The whole mix makes ComplyCloud a powerful tool for us.”
Karsten Markmann
Head of IT at Bizbrains
NIS2 also became a part of the compliance work
As it turned out, Bizbrains benefited even more from ComplyCloud when the EU's NIS2 Directive was made public in 2022.
With this legislation on the way, Bizbrains will be indirectly covered by the NIS2 law, as the company is a subvendor to many of the companies in the energy sector that will be directly covered.
To become NIS2 compliant, Bizbrains decided to lean on the international standard ISO 27001, as it is directly recommended in NIS2. And it was obvious to use ComplyCloud in the work towards NIS2 compliance, as the platform is built on ISO principles.
“It makes sense for us to follow ISO 27001 and its controls as we have many international customers. And we've come quite far with the NIS2 work. So, we're aiming to be NIS2 certified in the second quarter of 2025.”
Karsten Markmann
Head of IT at Bizbrains
The NIS2 Directive aims to protect critical infrastructure and EU citizens from cyber-attacks. In doing so, NIS2 sets out a series of minimum requirements to strengthen cybersecurity in the EU.
Has never looked back since
Although Bizbrains benefited greatly from Karsten Markmann's compliance solution in the beginning, he’s grateful that he can now handle both GDPR and NIS2 compliance in ComplyCloud.
He has no doubt what it would otherwise require of him now that Bizbrains doesn't have the luxury of an in-house legal department:
“I don't want to go back to running these things manually. It would be a burden for me. Especially because we couldn't ensure our compliance - we simply wouldn't be able to get around it all. You need to have a tool that can help you - and ComplyCloud does that brilliantly.”
Karsten Markmann
Head of IT at Bizbrains