GDPR touches virtually every organization that processes personal information such as names, phone numbers, bank account numbers, personal identity numbers or postal addresses. Many organizations may even be facing problems that sound almost insurmountable, because personal data has been stored in dozens or hundreds of systems without thoroughly considering the consequences.
What if a customer or employee should request a report, should want to move their data or become “forgotten”? How would such a report be created, or how would such a measure be implemented, within a reasonable time frame and workload? How many staff would be needed if you have a customer database of over 500,000 or a million records with data sitting across multiple systems? Panic sets in. Doing it manually is simply not feasible. IT development could be an option, but it comes at a high cost.
Fortunately, the software robot has been invented. It is a digital worker who loves such routines and thrives in the midst of many IT systems. For the robot it is not a problem to create the same report about the same thing again and again, thousands of times each day. And it does not forget to check the fiftieth target system even if the phone rings at the critical time.
Did you know that 69% of UK businesses are “inadequate in their preparation for the regulation’s indoctrination”?1 You may have the resources to conduct an audit in-house or recruit an outside organisation to help with this. These outside partners will provide you with a process assessment and advise where the compliance issues exist. Check references to see whether these prospective companies have successfully helped other companies not only become compliant, but also stay compliant with changing regulations. How will this help in accessing the data?
GDPR Non-Compliance Fines
Many business and security leaders are concerned about the potential for stiff fines associated with a violation of the EU General Data Protection Regulation (GDPR), and for good reason: Organizations face fines ranging from 2 to 4 percent of their annual global revenue (or up to 20 million euros, whichever is greater) depending on the seriousness of the violation.
There are two types of data: what you see and what you don’t. Think of these as your systems of engagement (website, email, paper, etc.) and systems of record (your ERP, CRM, databases, filing cabinets, etc.). This is typically what businesses regard as gap analysis: auditing the quality and quantity of data.
The systems of engagement, also known as customer-facing data, will be easier to uncover, update and manage. It’s likely your organisation has invested in current automation technology to communicate and engage with customers, such as for onboarding and other products and services.
This customer-facing data will need to undergo transformation, changing legalese into basic business language. Plus, you’ll need to create an additional layer of transparency for the customer, including an easy opt-out and information on how their data is being used (and secured). Speaking of security, you will also need to integrate a multichannel notification process in the event of a possible data breach.
And what about the data you can’t see?
This hidden data is tucked away in your systems of record. As in most organisations, these legacy systems are probably more than a decade old. While data might be excavated from these systems from time to time, it’s now more important than ever to uncover customer data that is lurking in the shadows. If you haven’t taken the leap to integrate these legacy systems with your current technology platforms, now is a good time to invest in it.
RPA – The Life Saver
Think of RPA as the employee that never sleeps, never takes a holiday and doesn’t make errors. It’s built to automatically verify and check a customer’s information and identity across multiple external sites and applications. Gathering this data, which would normally take a typical employee half an hour, takes about 2 minutes with RPA, dramatically improving efficiency and accuracy. Of course, RPA can be used for a variety of other tasks, such as automated notification of a data breach, triggered by an internal alert you create; answering customer queries about how their information is being used; or providing proof that a customer’s personal data has been removed from line-of-business systems.
Whether your organisation is located within the UK, EU or anywhere else, if you have customers, partners or suppliers that reside in the EU, the GDPR regulations apply to you. The cost of non-compliance can mean the difference between staying in business and closing your doors. Don’t let your organisation become part of the 24% who won’t become GDPR compliant by May 2018.