The most serious data security crisis of 2020 was a stark reminder of how important it is to comply with laws and regulations, particularly when processing personal data. 

All companies have a responsibility to act in accordance with laws and regulations. The Vastaamo data breach showed how important compliance is for companies. As well as being a statutory obligation, good compliance is a selling point.

At NordCheck, we want to change organizations’ perceptions of compliance. In addition to following rules, risk management, and quality control, compliance is about being able to act more ethically, responsibly, and in line with the principles of sustainable development.

Errors and omissions in the processing of patient data

Vastaamo was guilty of negligence in the processing of patient data. The company failed to comply with the GDPR and data protection legislation and did not adequately secure patient data. 

There was serious neglect of data protection: for example, the company had emailed invoices, with unsecured personal ID codes, to at least some of its customers. The Office of the Data Protection Ombudsman has stated that companies must not use personal identity codes in invoices.

Numerous other deficiencies, omissions, and faulty procedures were observed in Vastaamo’s activities. It initially kept the authorities in the dark about the theft of patient data and data security breaches. The data breach was also concealed from Vastaamo’s new owner.

Open and effective communication is vital

At NordCheck, we believe that companies must communicate effectively with customers on even the toughest compliance issues. Companies must understand each customer’s situation and be capable of creating new service processes quickly, but still comply with even the strictest legislation and provide up-to-date, correct information for customers. 

Handling customers' data securely is a statutory obligation, one that Vastaamo neglected through both its actions and its omissions.

Far-reaching consequences of negligence

As the Vastaamo case shows, poor management of compliance issues can have serious consequences for a company and its customers and owners. 

Alongside serious harm to customers, incidents such as data breaches can cause a company's market value to collapse, turning it into a wasted investment.

If compliance management is treated as a secondary concern, the risk of non-compliance increases. Automated, comprehensive compliance management minimizes the risk of human error and helps companies stay abreast of requirements.

Business owners should ensure that their companies have effective compliance processes and practices, and effective risk management and reporting.

Now is the time to act!

Companies must be able to provide up-to-date information on potential problems and secure adequate and effective means of remedying them. 

If a crisis occurs, the management and board must have adequate means of immediately obtaining up-to-date information on the company’s operations. They also need effective means of rectifying the situation and providing correct and precise information quickly, based on the facts. To establish such processes, companies need good training and guidance, very quickly. 

We at NordCheck are experts in risk management and compliance. Good compliance management can even prevent a crisis like the one that struck Vastaamo, so now is the time to put compliance in order in your company!

Written by Kai Linnervuo, COO and Founder of NordCheck 

Photo: Tima Miroshnichenko / Pexels