How Velux Built a Strong Foundation for GDPR

Jacob Kjeldgaard Olsen, senior director of strategy and change at Velux
Jacob Kjeldgaard Olsen

May 25, 2018—the deadline for compliance with the European Union’s General Data Protection Regulation (GDPR)—looms large on the horizon. How are businesses meeting the challenge? Jacob Kjeldgaard Olsen, senior director of strategy and change at Velux, discussed the importance of having the right foundation to comply with GDPR at Workday Rising Europe.

Three factors drove the Danish skylight manufacturer’s decision to roll out Workday’s cloud-based human capital management application. The first two are consistent with other high-growth Workday customers: a single system that could manage data on Velux’s 10,000 employees across 40 countries, and the ability to provide its leaders and managers with better data so they can make faster, more accurate business decisions.

Yet, the third element in the mix is one that many businesses are struggling with—GDPR. Gartner predicts that even by the end of 2018, more than 50 percent of companies affected by GDPR will not be in full compliance with its requirements. Back in March 2016, at the same time the two-year GDPR adoption period kicked off, Velux was preparing to start its Workday deployment after an evaluation of the way it collects, manages, and stores information on employees.

Building the Foundation for Compliance

The Velux story is a familiar one for many businesses: ambitions for growth and expansion, yet no global system and no global processes. Even without the challenge of GDPR, compliance and people management was a headache for Velux, stemming from multiple systems and disparate data across the organization.

“Our vision was to have Workday replace most of these systems and give us the foundation to get to GDPR compliance.”
—Jacob Kjeldgaard Olsen, senior director of strategy and change, Velux

“Some employee data was in HR systems, some of it was in spreadsheets and databases,” said Olsen. “So, we had lots of different tools and systems that were used locally. Some of our locations would have a reasonable set of processes and software. Some would have only the most basic.”

“It’s very hard to collaborate in an environment that looks like that. It’s even harder to start thinking about GDPR. Our vision was to have Workday replace most of these systems and give us the foundation to get to GDPR compliance,” he said. 

Getting Data Migration Right

One of the biggest challenges facing Velux was the migration of data from its older systems into Workday. In fact, this transition took place in three rounds. The first round focused on limited data from limited locations, to create prototypes for data migration. The two subsequent rounds incorporated more data, along with learnings from the first round.

“Getting data migration right was a huge part of the job, and not optional,” he said. “We had data in many different formats. A lot of data was not readily available in formats that could be used. Definitions were different and so on, so we almost had to start from scratch. Some of this information could be copied, but much of the effort was manual and this should not be underestimated. It is important for GDPR that businesses get this right.”

Going Live and the Countdown to May 2018

Velux went live with Workday in February 2017, with the 11-month rollout running on time, on budget, and to the scope originally planned. The deployment put in place the foundation Olsen needed for GDPR compliance, providing not only global management of employee data but also building the business processes and documentation needed to support future compliance needs.

“We now have a foundation to being compliant with employee data, to manage information about our people, globally, in a professional way,” he said. “And as we continue to develop globally, there’s an increased need for sharing people data across borders—something that can be very hard to do without a foundation like this.”

GDPR as a Catalyst for Business Change

While the risks and potential challenges of GDPR are widely touted, for Olsen, the impending regulation also provides an opportunity for positive organizational change, such as increased collaboration, user adoption, process streamlining, and opportunities for value creation.

Olsen’s parting advice for others going through this process: Take a firm grip on data governance and place it at the heart of any deployment project, and transition data management ownership to operations immediately after go-live.