Context & objectives
JYSK is a Danish group specialising in furniture and interior and exterior decorative accessories, with an international presence including operations in France. The company has over 10,000 employees worldwide and achieves annual revenue of 3.3 billion euros. Within the context of implementing the GDPR, JYSK decided it needed the support of a French partner for its entities in France.
The main challenge facing JYSK is to ensure that it complies with the GDPR.
For Netsystem, the challenge was addressed in three stages:
- Raising of awareness among management and the departments in order to enhance work processes and answer questions from employees.
- Audits of the various departments (Marketing, HR, Sales, etc.) in order to identify the various forms of personal data processing including the related risks, notably via a mapping exercise covering processing and applications. During such audits, particular attention is paid to the existing security mechanisms employed to protect personal data. The gap analysis conducted on the current vs target situation leads to the production of a roadmap which can be adapted to the company’s own pace, incorporating legal, technical and organisational components.
- Assume the role of DPO: representation of JYSK with CNIL and other interested parties, implementation of the roadmap, regular reports to management on the status of data protection within the company, employee awareness and revision of all relevant documentation.
- JYSK is in compliance with the GDPR and French data protection legislation
- Employees are aware of the issues and are able to react in an informed manner and with greater responsiveness
Key sucess factors
The success of the assignment is a function of the high level of involvement in the project of all the company’s employees and departments.
Testimony from two Netsystem employees
Laura Bechadergue (Data Law Consultant) and Daniel Castejon (Expert IT Consultant)
“Outsourcing the DPO function is a challenge for companies deciding to use DPOsystem as it is a delicate issue, both in terms of the nature of the processed data (some of which is sensitive) and of the problems understanding EU regulations. At Jysk, it all happened somewhat differently: the department managements encouraged their personnel to actively participate, enabling us to run the workshops in a collaborative and constructive spirit. This is one of the key success factors of this assignment.” “