"It costs 6-13,000 EUR to have a TIA made by lawyers – now, I can export it from ComplyCloud myself."

IN THIS STORY
USE CASES
GDPR
ISAE 3000
ISAE 3402
TIA
INDUSTRY
Software
COMPANY SIZE
MID-MARKET
ABOUT THE COMPANY

TimeLog is a software company, offering specialized solutions for time tracking and resource management. Founded with a focus on helping companies streamline their work processes, TimeLog offers user-friendly tools for time tracking,  resource planning, and budgeting for companies who invoice their time.

SHARE:

In early 2021, Solaleh Vogdrup-Schmidt, Head of People & Culture and Compliance at TimeLog, was tasked with strengthening the company’s GDPR compliance.

TimeLog had grown over the past year and decided that the company needed to be even more mature in data security:

“Our goal was clear: We needed ISAE audit reports, including 3000 and 3402, to enhance our compliance with GDPR.”
Solaleh Vogdrup-Schmidt
Head of People & Culture and Compliance at TimeLog

There were several reasons why TimeLog chose to focus more on their level of data security.

Firstly, the private equity fund that had invested in TimeLog asked for higher security as TimeLog grew.

Also, there was a higher demand and interest in TimeLog’s data security among customers:

“A lot of companies were asking the same questions about how we handled their data with us. I had to answer the same questions over and over again, which took up a lot of my time.”
Solaleh Vogdrup-Schmidt

To document TimeLog’s compliance to potential customers and management, an ISAE 3402 audit report would be worth its weight in gold for Solaleh Vogdrup-Schmidt.

It would also save her a lot of time; she wouldn’t have to do the documentation from time to time but would have it ready in advance.

An ISAE audit report is made by an independent auditor that evaluates a company’s internal control environment and processes. Organizations use ISAE audit reports to demonstrate that they have effective controls in place to manage risk and meet regulatory requirements such as GDPR.

The need was great but time was short

Solaleh Vogdrup-Schmidt and the team started looking for a solution to support their ISAE 3000 audit report. But time to find it was running out:

“I was under time pressure because I had a four-month deadline to get all documentation and policies in place.”
Solaleh Vogdrup-Schmidt

In addition to the ISAE audit reports, Solaleh Vogdrup-Schmidt was looking for a solution that could strengthen the daily work with GDPR in general.

For example, there was a growing demand from customers on how TimeLog’s data in some cases was processed outside the EU borders.

Therefore, Solaleh Vogdrup-Schmidt also had to ensure a TIA (Transfer Impact Assessment).

A TIA (Transfer Impact Assessment) is a process of assessing the impact on data security when sharing personal data with a country outside the EU/EEA. It’s about ensuring that personal data is protected when sent to countries that may not have the same data protection laws as the EU.

It was clear to TimeLog that there was a need for legal expertise, but also that preparing the ISAE audit reports, making TIAs from scratch, and doing general GDPR work would be very costly.

Therefore, Solaleh Vogdrup-Schmidt started looking for solutions on the market.

Documents 'on-demand' were essential

TimeLog explored various options to reach their goal of boosting their maturity level. However, they quickly realized that using legal consultants would be too expensive, so they started looking for IT solutions as an alternative.

Solaleh Vogdrup-Schmidt knew that they had to prepare a multitude of different GDPR documents and were therefore looking for a solution that could be used to create legal GDPR documentation, among other things.

The final choice was ComplyCloud, as Solaleh Vogdrup-Schmidt saw the best value for money here. She also saw ComplyCloud as the only solution on the market that could automatically generate legal documentation:

“I can see that our customers are asking for legal documentation, so I need to have the documents in ComplyCloud to be more trustworthy in the eyes of our customers.”
Solaleh Vogdrup-Schmidt

Huge savings

TimeLog chose ComplyCloud as their GDPR solution due to several factors:

Besides supporting Solaleh Vogdrup-Schmidt in her daily GDPR work by automating data processing agreements (DPAs), risk assessments, and other important documents, the solution also ensured peace of mind in complying with regulatory requirements.

With this standardized approach, they were able to meet customer needs and build trust through compliance documentation such as TIAs:

“Normally you need legal help to create TIAs, but it easily costs 6-13,000 EUR to have a TIA made by lawyers – now, I can export it from ComplyCloud myself. This supports a large part of my compliance work.”
Solaleh Vogdrup-Schmidt

Solaleh Vogdrup-Schmidt also emphasizes the legal counseling as well as the number of working hours TimeLog saves by using ComplyCloud:

“It’s clear that ComplyCloud is built by legal experts – so, it gives me peace of mind and confidence that I’m doing my GDPR work correctly. I would say that I save 5 hours a week on GDPR work by using ComplyCloud.”
Solaleh Vogdrup-Schmidt

Want to learn more about how we can help your organization become GDPR compliant? Set up a meeting with us here.