Aalborg Institute for Development

Cybersecurity and GDPR Compliance at Contab Group ApS

Cybersecurity and GDPR Compliance at Contab Group ApS

Image link

Project at a Glance

Program

SMV:Digital

Duration

2024

Image link

Countries

Denmark

Image link

Focus Area

Cybersecurity, GDPR compliance, data management, staff training

Image link

Beneficiary

Contab Group ApS, Esbjerg, Denmark

Why This Project Matters

Contab Group ApS is an accounting and business consultancy firm with side activities in cleaning and transport. With 10 employees and two websites, the company handles large volumes of sensitive data — including confidential financial documents — received via email, WhatsApp, and website contact forms.

The challenge was clear: customer data was stored on personal computers, email servers, and external drives with little segmentation between business areas. Passwords were simple, MFA was not in place, and GDPR compliance was incomplete. To protect client trust and ensure compliance with legislation, Contab Group needed a full digital security upgrade and a structured data management plan.

Our Approach

With support from Aalborg Institute for Development under SMV:Digital, Contab Group undertook a comprehensive cybersecurity and compliance project:

  • Penetration Testing & Vulnerability Mapping – conducting tests on both company websites, networks, and devices to identify risks and create a prioritized action plan.

  • Cybersecurity Training – introducing all employees to basic security principles, including phishing awareness and secure password management.

  • Asset & Network Inventory – mapping IT assets, connections, network topology, wireless systems, and potential entry points for attacks.

  • Policy Implementation – introducing structured policies for passwords, software updates, firewalls, malware protection, encryption, access control, and backup.

  • Incident Response & Risk Management – creating plans for data breaches, third-party vendor risks, and business continuity.

  • GDPR Compliance – reviewing and updating data protection policies, training staff on regulations, and implementing a clear data management plan.

  • Capacity Building – appointing an internal staff member to oversee cybersecurity practices and provide ongoing employee training.

Results

A prioritized cybersecurity action plan based on penetration testing.
Stronger GDPR compliance framework and updated privacy policies.
Implementation of critical policies on encryption, access control, and data backup.
Employee training reducing human error and improving phishing awareness.
An internal champion appointed to sustain long-term cybersecurity improvements.
Increased client trust through demonstrable improvements in data protection.

Aalborg Institute for Development’s Role

As the SMV:Digital supplier, AID provided strategic guidance, penetration testing, workshops, and step-by-step support for implementing policies. Our role ensured Contab Group not only secured its systems but also built the in-house skills and procedures to continue improving security and compliance independently.

Partner 1
Partner 2
Partner 3
Partner 4

Looking Ahead

Contab Group is now significantly stronger in digital responsibility, with clear GDPR compliance, a solid cybersecurity framework, and staff empowered to maintain best practices. While no system can guarantee 100% protection from attacks, the company has made it far more difficult and costly for hackers to succeed — a major step in safeguarding sensitive financial data and maintaining customer trust.

👉 This SMV:Digital project shows how SMEs handling sensitive information can turn security and compliance from vulnerabilities into competitive strengths.

Explore more of our work

like-icon -
cookie By using this website, you agree to our privacy policy. Close