If you’re a company that handles any data provided by European citizens, then you should already be well aware that the General Data Protection Regulation (GDPR) comes into effect later this month.
The laws aim to restrict the nefarious use of data from European citizens, and non-compliance can lead to heavy fines of €20 million or 4 percent of annual global turnover – whichever is higher.
The reach of the GDPR is immense, and everything from a name to a photo or even an IP address could count as data from a European citizen.
“A remarkable number of businesses haven’t yet prepared for GDPR, or for that matter, other new regulations such as POPI [Protection of Personal Information],” Force Solutions manager at thryve Riaan Bekker tells htxt.africa.
Research from Gartner in 2017 reveals that more than 50 percent of companies that are affected by the GDPR will not be compliant with regulations by the end of 2018.
“It’s tempting to blame negligence,” says Bekker, “but I think often businesses are intimidated by the complexity. One way to address this is to get specialists in, but that will be expensive and solves a problem.
It doesn’t always introduce a new capability. Using technology, on the other hand, can cut through the red tape and also create a platform that the business can use to improve its competitiveness.”
The manager explains that GDPR may yet present an opportunity for businesses to become more agile, as it requires them to abide by new regulations.
An agile approach to business in this instance means being able to comply with any new regulations as and when they come into effect.
Choosing the right technology to keep your business going can assist in this agile approach to business.
In a bid to help business owners make better decisions about software that can help with regulations such as GDPR, Bekker outlines nine features that you should look for in the technologies and processes your business uses.
- Process and systems inventory technologies – The platform should be able to identify your various processes and systems and establish data ownership over them.
- Internal Audits – Risk managers should be able to create questionnaires, workflows, and notifications that help them audit the business and its third parties.
- Issue and action management technologies – The technology should help the process of creating detailed action plans in case of events, such as a data breach.
- Regulatory interaction – Confidently interact with both regulatory and internal stakeholders while ensuring you have a single truth of the data.
- Management of Contracts and Corporate Policies – Know what all the related contracts and policies are by giving them a central home within the platform.
- Ongoing data sharing request management – The sharing of specific data can be automated while within regulatory limits.
- Data request management and governance – Using the right platform, any request for information can be processed within the approved regulations.
- Vendor risk management – Best-of-breed risk aggregation platforms should extend to third parties and help manage their own data security access needs.
- Reports and dashboards – From analytics to audit trails, the platform should provide clear and reliable visibility of data security activities.
Not all of these features will apply to every business, but the list does give you the opportunity to assess your current state of affairs and improve it where necessary.
“Regulations such as GDPR are just more indications of how the world is changing. Speed, automation, and intelligence are becoming the crucial ingredients for business success, but that means the gaps between opportunities are closing,” explains Bekker.
While GDPR requires some work to ensure compliance, it has the added benefit of giving owners a better view of where processes can be streamlined or done away with completely. The right technology can also make a firm’s workflow better.
Truth be told, while GDPR is daunting, compliance is a way to not only avoid massive fines but also improve your business and make it more agile in the face of risk.
GDPR comes into effect on 25th May.
[Image – CC BY 2.0 ConvertGDPR]