“Getting started with a project of this scale is not an easy task, especially with such a large player. Netum's experts were clearly well versed in the subject matter and had had plenty of experience in law and with similar actors,” says Ari Andreasson (pictured right). The City of Tampere selected Netum as its service provider through the KLKH-160 framework agreement.
Case: The city of Tampere got a clear framework for knowledge management and preparation of data balance sheets
When completed properly, data balance sheets are an excellent tool for monitoring and developing the use of knowledge capital related to the processing of personal data in an organization. When the City of Tampere's data balance sheets needed new guidelines, Netum's solid expertise in data protection and data security issues were able to accelerate the preparation of clear development proposals for the needs of a large organization.
Ari Andreasson, the City of Tampere's Data Protection Officer, hoped that the data analysis would help to review data protection measures in retrospect and to effectively prevent the challenges associated with knowledge management and the preparation of data balance sheets. Special attention was also paid to the fact that in the future, the leadership of the City of Tampere could more clearly outline data protection and data accounting processes as part of its organization-wide, holistic information management practice.
“While many other impact and cost assessments are carried out nationwide and in a number of organizations, data protection assessments are still less often completed. We received clear development proposals from Netum for the preparation of data balance sheets, as well as a proposal for a set of indicators that also enhances knowledge management throughout the organization,” Andreasson says.
“The data balance sheets are comparable with the financial statements familiar from financial administration, but differ in terms of the data included, such as personal data. It is a depiction of the state of knowledge management in an organization and guides the reader to systematically review and look at data protection and security issues more holistically. Public data balance sheets bring transparency to the operations of organizations and give citizens or customers the opportunity to see how information is managed,” explains Anna Tuominen, Netum's Data Protection Consultant.
Knowledge management is something all organizations should be thinking about
Although data balance sheets are not directly required by Finnish legislation, the Data Protection Commissioner, who acts as the supervisory authority, strongly recommends that they be done in organizations of all sizes.
The EU General Data Protection Regulation, which entered into force in 2018, has brought with it new legal requirements for the processing of data in various organizations. One of the key requirements of the General Data Protection Regulation is the obligation of the controller to demonstrate compliance. It is no longer enough to claim to be doing things right - one must be able to prove that with a variety of documents. Data balance sheets are a good example of such a document.
“Because the requirement to demonstrate compliance is a relatively new issue, different organizations are at very different levels of maturity in drafting and managing documents related to data protection work,” Andreasson reflects. In his view, it would be particularly important to have the highest possible level of leadership in the organization deal with data protection issues.
“It makes it easier to fix processes and manage personal information, even in large organizations. I think it would be good to be able to look back at whether there have been any problems with data management, whether the supervisory authority has had to intervene and how it has reacted since then. Even in an ideal situation, data balance sheets are not just a single document but part of a larger whole. Completing them should be a sign of continuous review and development of processes and responsiveness, for example during the review periods of the year.”
-
"Our study showed that despite the development targets, the City of Tampere is a Finnish pioneer in data protection and data security issues," says Anna Tuominen, a Data Protection Consultant at Netum.
-
“Together with Netum, we thought it would be especially good for the municipal sector to have a uniform set of metrics and a standardized way of preparing data balance sheets. It would make data protection issues more comparable and, on the other hand, more transparent to citizens,” Ari Andreasson explains.
-
Netum's data analytics expert Jani Henriksson wants to encourage organizations of all sizes to make data balance sheets and integrate them into their knowledge management. This provides transparency in the activities of organizations.
Making yout operations transparent with appropriate measures
Netum’s Data Analytics Expert, Jani Henriksson urges all organizations to develop data balance sheets and metrics for data management: “Data balance sheets bring transparency to organizations' information management and provide an overview of what and how much data is processed in organizations. Our study done for the City of Tampere emphasized in particular the need to clarify the management of these entities in large organizations that process data from up to hundreds of different sources.”
Marko Immonen, Netum's Data Protection Expert who was involved in the City of Tampere's data balance sheet project, reminds us that where data protection sets the rules for the processing of personal data, information security provides the means to protect personal data. These concepts go hand in hand, and there is no data protection without security.
In Tampere, measures have already been taken on the basis of Netum's proposals. In a large organization, change is slow, with hundreds of different systems and personal data registers.
"I am very pleased with the final outcome and that we were able to keep within our tight turn-around time. We are well placed to move forward”, says Ari Andreasson.
Marita Hämeenoja
Key Account Manager, public sector, key customers
Netum Oy
+358 40 722 8469
marita.hameenoja@netum.fi