As a trade union for food and nutrition, Kost og Ernæringsforbundet is an organization that processes sensitive data about its members. This places strict demands on their GDPR compliance:
“Everything we process is subject to Article 9 of the GDPR – so there simply can’t be any loopholes in our GDPR compliance.”
Lida Akiode
GDPR Manager and Legal Senior Consultant at Kost og Ernæringsforbundet
Lida Akiode’s work includes implementing and integrating GDPR policies and guidelines throughout the organisation.
She makes sure that all procedures comply with the legislation, while the trade union provides legal advice to its members.
Article 9: Processing of special categories of personal data
According to Article 9, data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health data, and sexual orientation require special protection.
Like juggling many GDPR balls with one hand
Lida Akiode was hired to structure the organization’s GDPR efforts and to set up internal processes.
But that wasn’t the only thing: There was also a need to be able to present documentation of GDPR compliance to supervisory authorities and to present reports to management.
However, it soon became clear that juggling all those GDPR balls was impossible without a system or external help.
Because of Article 9 and the organization’s need for comprehensive GDPR compliance, the task would be particularly time-consuming for Lida Akiode. Therefore, Kost og Ernæringsrådet started looking for a solution that could help them navigate the GDPR requirements effectively.
Had demands on usability, legal expertise, and IT security
Kost og Ernæringsforbundet had several considerations in mind when choosing a system and a partner to ensure their GDPR compliance:
They were looking for a system with a high level of usability and detail that could further give a clear overview of the compliance level and documentation of this to management.
It was also important that the compliance partner understood the specific legal obligations of trade unions and what they would mean for them in practice.
Last but not least, the tool needed to support IT security measures that met international standards and requirements:
"We didn’t ‘only’ need a system that could strengthen our GDPR compliance but also our IT security. It was therefore a requirement on our part that the tool could implement IT security safeguards to ensure compliance with ISO standards, especially ISO-27001, and possibly prepare us for ISAE 3000 and ISAE 3402 assurances."
Lida Akiode
Chose ComplyCloud for 4 reasons
Kost og Ernæringsforbundet went with ComplyCloud as their compliance solution and partner. There were four reasons why:
Reason #1: Simplified compliance process
ComplyCloud made the compliance process simple. Among other things, in relation to the implementation of GDPR and as an aid to better understand the practices of the Danish Data Protection Agency:
“ComplyCloud’s user-friendliness, legal details, and the comfort of being guided through GDPR have been a huge advantage. You don’t have to decide the structure of your work or invent what order to use when making a record. It’s 80% faster than if we had to make sense of GDPR Articles 30 and 9 ourselves.“
Lida Akiode
Reason #2: Automated tasks
It was also an update that ComplyCloud ensures automatic tasks and deadlines that follow up on all procedures and policies.
In-depth questions at each task, including control of compliance with policies and processing activities, give Lida Akiode a deeper understanding of how the organization works and the data it processes.
Reason #3: Detailed insight and reporting
With the ability to create detailed reports and insights, ComplyCloud has helped Lida Akiode identify weaknesses and stay on top of areas for improvement in the organization.
The compliance dashboard and reports in ComplyCloud also ensure that the Food and Nutrition Council can take the ‘temperature’ of their compliance on an ongoing basis:
“It makes all the difference that we can get an overview of our compliance level – and at the same time show it to management and the board.“
Lida Akiode
Reason #4: Compliance with international standards
The fourth reason for choosing ComplyCloud was that the solution ensures compliance with ISO 270001 and brings Kost og Ernæringssamfundet closer to ISAE assurances.
With Lida Akiode at the helm, Kost og Ernæringsforbundet has achieved robust and efficient GDPR compliance that not ‘only’ fulfills the regulatory requirements, but also strengthens their internal processes and security.
Want to learn more about how we can help your organization become GDPR compliant? Set up a meeting with us here.