Optimising GDPR and information security: Construction industry identifies 20 unnecessary suppliers

By 
Jacob Høedt Larsen
February 15, 2021

Ordrestyring helps craftsmen digitise their business and has within its 10 years optimised more than 2,000 construction companies throughout the Nordic region. Numerous electricians, plumbers, carpenters, masons, painters, locksmiths, sewage workers, landscapers and contractors put their trust in the company Ordrestyring. GDPR and information security have not been prioritised within these industries, Mikkel Leffers Svendstrup explains. As the market leader, he believes that Ordrestyring must recognise the severity of the problem.

GDPR: A competitive advantage

“Our current company size underlines the gravity of the issue and proves our professionalism in tackling it. Not only are we the first within our industry to comply with the rules, but we also have proof of it. It is a manifestation that we have cracked the code, thus solidifying the value of our product,” he says.

Within the market for digitisation of construction companies, Ordrestyring’s product is not sold at a low price. Mikkel Leffer's Svendstrup's customers emphasise the fact that they know that Ordrestyring will be in business in the future as well. Thus, the GDPR handling and the ISAE 3000 declaration become a competitive advantage.

Automation and decentralisation

When Mikkel Leffers Svendstrup began the GDPR work, the goal was to automate the controls and outsource the handling to the individual departments. This would decrease the heavy, administrative burdens on the company. In this context Wired Relations became relevant for the company, as the system supports their needs.

“We can automate the control tasks. This makes the day-to-day operation of GDPR easier, and has enabled decentralisation of the work across several departments,” says Mikkel Leffers Svendstrup.

Gaining control over personal data has also led to financial savings within Ordrestyring. As the company gained an overview of the IT systems being used, they were quickly able to identify 20 unnecessary suppliers. The overview also means that work with the ISAE statement will be less costly as the auditor's work will be easier.

What is ISAE 3000?

ISAE 3000 is an auditor's statement that assures data processors comply with the requirements of the GDPR the company has committed to in signed data processor agreements.

Wired Relations available for Ordrestyring customers

Ordrestyring.dk and Wired Relation’s collaboration enables Ordrestyring.dk’s customers to handle GDPR in Wired Relation’s systems.

“There are many small and medium-sized construction companies that have turned the blind eye on GDPR work. They do not comply, and thus they take a risk. The craftsmen may not be the primary target for the Danish Data Protection Agency, but the risk is there - especially if a customer complains,” Mikkel Leffers Svendstrup says.

Gilli Haraldsen from Wired Relations agrees.

“It must be relatively easy for a construction company to handle personal data. We have now made a product where they achieve an overview and are able to systemise the data once and for all,” he explains.

If you're seeking inspiration for your GDPR efforts, take a look at how it's managed in Wired Relations.