Strengthening Cybersecurity and Data Management at Bloomtree Technologies

Project at a Glance

Program

SMV:Digital

Duration

2024

Countries

Denmark

Focus Area

Cybersecurity, GDPR compliance, data management, cloud security

Beneficiary

Bloomtree Technologies, Denmark

Why This Project Matters

Bloomtree Technologies is a specialist asset solutions provider, dedicated to circular IT lifecycle management — from deployment and decommissioning to resale, recycling, and repurposing. The company recently expanded from B2B resale into direct-to-consumer sales via a webshop, handling sensitive data such as customer information and credit card details.

This shift created new challenges: ensuring GDPR compliance, managing user access securely, and defending against cyber threats. An attempted hacker attack underscored the urgency of strengthening security across all devices, emails, cloud tools, and digital infrastructure. Building trust with B2B partners and consumer customers required a robust approach to data ethics and IT security.

Our Approach

With support from Aalborg Institute for Development through SMV:Digital, Bloomtree Technologies launched a cybersecurity and compliance project to build stronger digital foundations:

Penetration Testing – identifying vulnerabilities in systems, devices, and the new webshop, creating an action plan for security improvements.
GDPR Compliance Framework – establishing policies and operational processes for data collection, handling, and retention to meet EU regulations.
User Security Management Plan – onboarding training, access controls, and procedures for handling sensitive data.
Cloud Security & Segmentation – strengthening the infrastructure, segregating components, and managing user access to ensure confidentiality.
Website & Infrastructure Security – reviewing the Shopify-based webshop and underlying systems to ensure compliance with GDPR, Danish consumer law, and cybersecurity best practices.
Certification Preparation – aligning processes and practices toward readiness for D-mærket (D-label) certification in the future.

Results

Comprehensive penetration testing and a clear roadmap for improving cybersecurity.

Stronger GDPR compliance framework and updated policies for data handling.

Onboarding and training programs to build a security-aware culture.

More secure cloud infrastructure and improved access management.

Strengthened customer trust and preparation for formal certifications.

Aalborg Institute for Development’s Role

As the SMV:Digital supplier, AID provided strategic advisory services, guided penetration testing, and helped implement GDPR and cybersecurity best practices. Through workshops and tailored recommendations, we ensured that Bloomtree Technologies gained both the technical safeguards and the internal competence to maintain digital responsibility.

Looking Ahead

With a fortified IT infrastructure, GDPR compliance, and a clear security strategy, Bloomtree Technologies is now well-positioned to continue its growth in both B2B and direct-to-consumer markets. By prioritizing digital responsibility and transparency, the company strengthens trust with partners and customers while advancing toward certification.