GDPR Part 2: Early steps in the compliance journey
May 31, 2018
We kicked off this 3-part series, “GDPR: Game-changing mandate and why you need to prepare,” on May 30 with Part 1 looking at what GDPR is, who is affected, and the opportunities. Today, we continue with a deeper dive into preparing for GDPR compliance. This includes insights about upgrading your ERP solution and modernizing your processes to better accommodate today’s heightened focus on data security and create competitive differentiation.
By Peg Rodarmel, SVP of Infor Digital Cloud Sales
We’re entering a new era of data integrity and protection. Many industry pundits are heralding the General Data Protection Regulation as the game-changing regulation that will usher in this new era. GDPR was passed by the EU in 2016, and enforcement began May 25, 2018.
IDC explains the high stakes in a recent report, stating, “The General Data Protection Regulation (GDPR) represents the biggest change to EU data protection and privacy legislation in three decades. The impact on organizations globally is profound, because the risk in dealing with personal data escalates to a level comparable with anti-money-laundering and anti-bribery and corruption legislation. A fine of 4% of global annual revenue is possible, and introduced are mandatory breach notifications, class-action lawsuits, and the suspension of processing personal data (including employee payroll and customer information), effectively stopping a business from trading.”
Why you need to act
If your company is not a large enterprise located in Europe, you may be skeptical that GDPR applies to you. You may be taking a “wait and see” approach. A closer look at the facts, though, will show that you are likely to be affected and that immediate action, rather than waiting, is prudent.
There are several reasons why businesses worldwide, large and small, are paying close attention to this regulation and taking timely, proactive steps. First, the fines for noncompliance are steep. But, perhaps more importantly, customers expect—and deserve—the level of security and data scrutiny required by GDPR. Data breaches can be disastrous, eroding the trust relationship you have worked so hard to build. As e-commerce increases and, now, data collected from the Internet of Things (IoT) becomes more prevalent, customers are keenly aware of the issues and the need for data security and strong data policies.
You can turn this into an advantage. By being forthcoming and proactive about security issues, you can stand out from the competition and prove to customers your dedication to this important topic. You can build loyalty with your customers.
Many would argue that businesses should have been vigilant and conscientious about privacy, security, and access to personal data all along. But the pace of change has made it difficult for companies, as well as regulating agencies, to keep pace with realistic expectations and standards. IoT applications have added a layer of complexity—and, sometimes, ambiguity. When objects, like appliances and cars, generate data, questions are bound to arise. For example, who owns the data your car generates through embedded sensors? Such thought-provoking questions will push us into careful consideration before we launch new products and processes. Data management can no longer be an afterthought. Rather, it must become a part of company culture.
Cloud technology keeps pace with change
Current security discussions must go beyond GDPR specifics. Organizations should be reviewing processes and making sure their systems keep pace with change. IDC says, “GDPR represents a substantial change in the corporate behavior of an organization. It therefore cannot just be a project, in the same way that the Y2K challenge was a project. There is no end date or closure. GDPR must therefore be considered as a program of change that will eventually be subsumed into corporate practice.”
Security and data privacy will continue to be at the forefront of debate long after GDPR compliance is met. GDPR is just one mandate. More are coming. As applications, especially IoT use cases, continue to expand, new guidelines or mandates also will be enacted. As bio-centric applications, like retina scans for security clearance, become more mainstream, another set of protocols and definitions will become part of your business processes.
Cloud technology makes security compliance easier. With cloud deployment, your application is always modern, meaning it is continually updated by the service provider as innovations and new security features are developed. You no longer need to wait for a major upgrade and go through an implementation process that takes months. With cloud computing, you can keep pace with new mandates, like GDPR, as they are issued.
How do you prepare for GDPR?
If you have not already upgraded or replaced your ERP solution in preparation for GDPR, you need to take some immediate actions. Other software solutions, such as your HR and customer management solutions, should also be brought up to date. Any solution that incorporates customer data is subject to GDPR and should be reviewed for compliance. GDPR Newscenter offers this advice for companies beginning their journey:
- Select partners – legal, technical, and strategic – that can assist with GDPR compliance
- Determine if you have EU customers or handle data from partners and customers that do
- Plan a long-term GDPR strategy. It’s not a one-time action
- Consider all the data your business collects, processes, and stores
- Look closely at how personal data is stored. Consider corporate intellectual property as well
- Remember, data moving across your network might be most vulnerable
- Use GDPR compliance as an incentive to address other operational inefficiencies
GDPR compliance is an opportunity to review operational processes, make improvements, and build trust relationships with your customers and prospects. Your efforts can go far beyond just meeting the bare minimum for GDPR mandates. Instead, you can view this as a time to differentiate yourself and make investments in technology, like cloud solutions, that will allow you to continually keep pace with change. GDPR is just the beginning of this new era of heightened awareness about data security. Be ready.
For more information about Infor solutions and how they help you remain relevant, check out the white paper “Cloud security and your enterprise.”
Peg Rodarmel is responsible for global programs motivating customers to modernize and move to the cloud. She focuses on partnering with customers to help them understand the benefits of digital transformation for their businesses. Her team connects customers with the vision of what is possible with cloud solutions including IoT, AI, the connected network, and predictive analytics, all built on a solid foundation of Infor CloudSuites to deliver business outcomes and last-mile functionality specific to our customers’ industries.