We had the pleasure of speaking to Peter Mikulic (CEO), and Karin Wennbo (Head of IT and GDPR Project Manager), at Folkuniversitet.
We discussed their compliance journey and how DPOrganizer is helping them achieve their data protection goals.
Tell us about Folkuniversitet.
Peter: Folkuniversitet is one of Sweden’s largest educational institutions, focusing on continual education for adults, as well as on specialized secondary education. Our mission is to facilitate lifelong learning in all areas of study and culture. Many people come to Folkuniversitet to study anything from French, to pottery or modern dance. All in the spirit of self-development and lifelong learning.
We have over 40 centers in Sweden and in 4 other learning centers throughout europe.
What has been your greatest GDPR challenge so far?
Peter: Our greatest GDPR challenge has to do with our organizational structure. We are not very centralized: our departments and schools enjoy a high degree of autonomy; decisions are made in a decentralized manner. To implement GDPR we have had to be more unified on our approach.
Karin: From a GDPR perspective, we have quite a large variety of data subjects categories, data processors and vendors to manage. It was also realizing that personal data and data protection affects almost every aspect of our business.
How has your GDPR compliance project impacted your organization?
Peter: I think this gave us an opportunity to look at the way we organize our business as a whole. We also educated ourselves as an organization on the importance of data protection and how it impacts our day to day activities.
Karin: We also do work to reassure our students and employees about their privacy. We want to make everyone feel confident and trust that we are handling their personal data responsibly and in their best interests.
How do you communicate with your students, clients and employees about GDPR?
Karin: We are working on a GDPR page for our public website. We will also be installing the Transparency Widget onto our page so that data subjects can automatically obtain a detailed report about what information we hold, why we hold it and for how long.
What made you choose DPOrganizer?
Peter: GDPR is huge undertaking. We quickly knew we needed to have the right tools for the task at hand. We started our data mapping in Excel and soon realized we needed more functionality and ease-of-use.
Above all, we made a decision based on the long term demands of data protection management. GDPR requires ongoing maintenance, so we wanted a tool that would help us maintain compliance in the future. DPOrganizer delivered with their practical solutions for scheduling reviews and automating tasks.
Karin: The first thing we noticed about DPOrganizer is how easy and intuitive the process is. During our mapping, were were guided with questions along the way that helped us understand what we were doing. With detailed explanations and definitions available, we felt confident and sure that we were on the right track with our compliance project.
Do you have any tips for a company that is about to start its own GDPR project?
Karin: I think that taking the time to conduct internal surveys is a great starting point. It not only lets you understand where personal data is processed. It also puts you in touch with key individuals in the organization that you may not have had contact with previously.
Educating the organization is also key. Getting top management onboard was important for providing the support needed to move forward with your project.