PROJECT
VGR, Västra Götalands Regionen
VGR (Region Västra Götaland) is a politically controlled regional authority that combines responsibility for public healthcare, public transport and regional development in Västra Götaland County.
Roles: Project Manager & Solution Architect
Purpose: To enable secure, legally correct and interoperable IS/IT services for private healthcare providers.
Description:
Led development, packaging and implementation of digital services linked to healthcare documentation, healthcare administration and information management with a focus on quality registers
Responsible for translating business needs into architecture and technical solutions in collaboration with IT, healthcare and external actors. Ensured that the solutions met GDPR, NIS, archive law and regional IT strategies.
ÖRESUNDSKRAFT , ÖKAB
Öresundskraft AB is a municipally owned energy company based in Helsingborg, owned by Helsingborg Municipality
Role: Project Manager & Information Security Advisor
Purpose: To ensure that the business meets legal requirements for information security and data protection according to GDPR, NIS and ISO 27000, and to establish structures for long-term management.
Description:
Led a strategic mission to implement guidelines and processes according to MSB's recommendations for NIS and GDPR, linked to the ISO 27000 standard.
Carried out needs analysis, process mapping and requirements gathering in close collaboration with operations, IT and management. Documented information flows, risks and safeguards, and designed management models for secure handling of personal data and system information.
ASSA ABLOY ENTRANCE SYSTEM
ASSA ABLOY Entrance Systems is a global provider of end-to-end solutions for automated entrances – with a focus on accessibility, safety and energy efficiency
Role: Data Protection Officer (DPO)
Purpose: To ensure the Group's compliance with GDPR and ISO 27001 and establish sustainable management of personal data processing.
Description:
Responsible for implementing and managing data protection structures, including ROPA records, DPIA processes and incident response.
Integrated GDPR into system administration, product development and information security work in line with ISO 27001.
Contributed to governance documents, internal training, and RACI models for global compliance.