Gdpr: A Gift to the Digital Transformation

By Steve Tassell, director of financial services solutions, Bizagi

Steve Tassell

The countdown is on. The much-discussed EU General Data Protection Regulation (GDPR) will come into force in less than a year and has the Information Commissioner’s Office (ICO) on hand to dish out punitive fines for non-compliance. Most conversations about the issue have been security-focused and riddled with consternation. It seems not a day goes by without a dooming report being published around how woefully unprepared organisations are and how they fear GDPR will put them out of business.

While fear mongering is commonplace and negative headlines take precedence, this is largely unhelpful. The fact is that GDPR isn’t avoidable – it will impact organisations of all shapes and sizes – by embracing what’s required to ready themselves, organisations can actually use GDPR to their advantage. The regulation calls for increased focus on data governance and requires a truly automated and transparent business process, which will lead to greater visibility of data availability, applicability, integrity and security. Organisations that welcome GDPR and use it as a catalyst to update antiquated business processes and to support digital transformation initiatives will gain the upper hand. Rather than being viewed as a compliance ‘tick box,’ it’s a golden opportunity to embark on digital transformation initiatives that return the customer to the heart of the business. The right blend of business process and technology holds the key to regulatory and digital transformation success.

 The right to be forgotten

The regulation specifically calls for data to be gathered transparently, used only for the collected purpose, kept up to date and accurate, security protected and deleted at the request of the individual. The latter is known as the right to be forgotten or right to erasure of personal data. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data whether there is no compelling reason for its continued processing.

Let’s look at how a bank would deal with a right to be forgotten request: a consumer requests the closure of his or her bank account, signalling the end of the relationship as the organisation no longer has a need to hold that data. The consumer implicitly states that they no longer wish to receive further marketing contact, but this information doesn’t get transferred to the relevant department as the bank is hampered by disparate and disjointed identity systems. Consequently, the same consumer ends up receiving further email marketing material about increased interest rates for a current account. This act is a breach of GDPR compliance, as well as consumer trust. What is certain is that GDPR fails such as this will be highly publicised given organisations face much higher reputational and financial punishment – up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater.

To satisfy the requirements of GDPR, and to be spared blushes, organisations must be equipped to deal with a flurry of data requests. This is only achievable if they have a single view of what data is being stored and where at all times. With data typically sprawled throughout an organisation, this is no easy task and is proving to be a major sticking point for many. The thought of having to integrate disparate systems and having them deliver information which can be understood by the wider business is a daunting prospect.

 Agility is the answer

Consumers want to be confident that an organisation is able to delete their data in a timely manner and from all systems. The need to streamline the process of dealing with data requests and having a handle on what data is held on an individual will become crucial to an organisation surviving in a GDPR world.

Technology can power much of the internal change needed to help companies be more responsive. And this is where digital platform technologies can help.Digital process automation enables organisations to implement a process ‘wrapper’ that is both agile and quick to deploy around siloed systems. The layer weaves together disconnected databases, allows legacy systems to communicate with each other and pulls out the relevant information needed on a specific customer.

By consolidating data from siloed systems onto a unified platform, organisations will gain a full 360-degree view of each customer. This visibility empowers organisations to better respond to customers’ requests, engage with them in ways they prefer and identify their needs in a moment of time. This granularity will help organisations identify shortcomings in the customer experience and unearth new ways to keep customers happy.

The piecing together of disparate systems into a single, unified flow of information can be used and understood by anyone – from the customer to the data controller. Customer data, no matter what system it is being held on, will become readily available to those who require it whether that be the ICO or individual customers. Automation puts the organisation in control of incoming requests and enables end-to-end governance, providing CEOs with peace of mind that the risk is understood and being appropriately managed across the business.

 Empowering the consumer

In an age where data misuse and mistrust is at an all-time high, GDPR hands significant power back to the customer by strengthening the rights of individuals to control their own data.

The regulation demands that organisations place strategic imperative on digitising operations to become more customer-focused, responsive organisations. GDPR presents an opportunity for organisations to enhance their existing systems rather than replace them. Digital process automation brings disconnected systems together, consolidates fragmented data and empowers employees with connected systems and information to better serve customers.

New technologies and capabilities that can deliver information at the right time and are customer-centric will provide a competitive edge. As with any legislative shakeup there will be winners and losers, and those that best accommodate these changes will be the ones that will come out on top.

By Steve Tassell, director of financial services solutions, Bizagi

Steve Tassell

The countdown is on. The much-discussed EU General Data Protection Regulation (GDPR) will come into force in less than a year and has the Information Commissioner’s Office (ICO) on hand to dish out punitive fines for non-compliance. Most conversations about the issue have been security-focused and riddled with consternation. It seems not a day goes by without a dooming report being published around how woefully unprepared organisations are and how they fear GDPR will put them out of business.

While fear mongering is commonplace and negative headlines take precedence, this is largely unhelpful. The fact is that GDPR isn’t avoidable – it will impact organisations of all shapes and sizes – by embracing what’s required to ready themselves, organisations can actually use GDPR to their advantage. The regulation calls for increased focus on data governance and requires a truly automated and transparent business process, which will lead to greater visibility of data availability, applicability, integrity and security. Organisations that welcome GDPR and use it as a catalyst to update antiquated business processes and to support digital transformation initiatives will gain the upper hand. Rather than being viewed as a compliance ‘tick box,’ it’s a golden opportunity to embark on digital transformation initiatives that return the customer to the heart of the business. The right blend of business process and technology holds the key to regulatory and digital transformation success.

 The right to be forgotten

The regulation specifically calls for data to be gathered transparently, used only for the collected purpose, kept up to date and accurate, security protected and deleted at the request of the individual. The latter is known as the right to be forgotten or right to erasure of personal data. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data whether there is no compelling reason for its continued processing.

Let’s look at how a bank would deal with a right to be forgotten request: a consumer requests the closure of his or her bank account, signalling the end of the relationship as the organisation no longer has a need to hold that data. The consumer implicitly states that they no longer wish to receive further marketing contact, but this information doesn’t get transferred to the relevant department as the bank is hampered by disparate and disjointed identity systems. Consequently, the same consumer ends up receiving further email marketing material about increased interest rates for a current account. This act is a breach of GDPR compliance, as well as consumer trust. What is certain is that GDPR fails such as this will be highly publicised given organisations face much higher reputational and financial punishment – up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater.

To satisfy the requirements of GDPR, and to be spared blushes, organisations must be equipped to deal with a flurry of data requests. This is only achievable if they have a single view of what data is being stored and where at all times. With data typically sprawled throughout an organisation, this is no easy task and is proving to be a major sticking point for many. The thought of having to integrate disparate systems and having them deliver information which can be understood by the wider business is a daunting prospect.

 Agility is the answer

Consumers want to be confident that an organisation is able to delete their data in a timely manner and from all systems. The need to streamline the process of dealing with data requests and having a handle on what data is held on an individual will become crucial to an organisation surviving in a GDPR world.

Technology can power much of the internal change needed to help companies be more responsive. And this is where digital platform technologies can help.Digital process automation enables organisations to implement a process ‘wrapper’ that is both agile and quick to deploy around siloed systems. The layer weaves together disconnected databases, allows legacy systems to communicate with each other and pulls out the relevant information needed on a specific customer.

By consolidating data from siloed systems onto a unified platform, organisations will gain a full 360-degree view of each customer. This visibility empowers organisations to better respond to customers’ requests, engage with them in ways they prefer and identify their needs in a moment of time. This granularity will help organisations identify shortcomings in the customer experience and unearth new ways to keep customers happy.

The piecing together of disparate systems into a single, unified flow of information can be used and understood by anyone – from the customer to the data controller. Customer data, no matter what system it is being held on, will become readily available to those who require it whether that be the ICO or individual customers. Automation puts the organisation in control of incoming requests and enables end-to-end governance, providing CEOs with peace of mind that the risk is understood and being appropriately managed across the business.

 Empowering the consumer

In an age where data misuse and mistrust is at an all-time high, GDPR hands significant power back to the customer by strengthening the rights of individuals to control their own data.

The regulation demands that organisations place strategic imperative on digitising operations to become more customer-focused, responsive organisations. GDPR presents an opportunity for organisations to enhance their existing systems rather than replace them. Digital process automation brings disconnected systems together, consolidates fragmented data and empowers employees with connected systems and information to better serve customers.

New technologies and capabilities that can deliver information at the right time and are customer-centric will provide a competitive edge. As with any legislative shakeup there will be winners and losers, and those that best accommodate these changes will be the ones that will come out on top.