May 25, 2018 — A date that seems like doom to many companies. Data protection officers jump nervously from one department to the next, trying to make their company compliant with the GDPR in the weeks that remain. In the meantime, even employees who are less interested in data protection have noticed that the new General Data Protection Regulation comes into force on this key date, a Europe-wide law that has a massive impact on all IT processes.
But where does this rush come from, given that the decision has been known for two years? Put quite simply, it comes from the eleventh-hour tactics of companies that, consciously or not, have pushed the issue aside for the time being, hoping not to be noticed. Let’s face it: implementing the new requirements is a cost factor for any company, and not an insignificant one. This approach no longer works because the GDPR is suddenly on everyone’s lips, across all media. One reason is that, as with so many things, economic factors make the whole topic explosive: if you do not comply with the GDPR, you might face penalties of up to 4% of your worldwide annual turnover or 20 million Euros. These dimensions are startling!
Intelligent solutions instead of operational hustle and bustle
Instead of falling into blind, hectic activity, it is necessary to use the remaining time sensibly. In simple terms, the GDPR deals “merely” with the processing of personal data. That does not sound like a big deal, but if you scratch the surface a bit, you will find that such data can be found everywhere in the enormous, branching network of corporate IT. There are two options for implementing the requirements in accordance with the law. You can either laboriously search for the countless instances scattered throughout the digital corporate world and then implement changes one by one, or you can assign the task to an expert. Here, certain conditions must be met: a deep understanding of the laws and their areas of application, paired with in-depth knowledge of the company's processes and data structures. The procedures applied by these external specialists usually follow a common pattern: analysis, conception, implementation. Again, nothing new here, but it pays to focus on the process and the analysis: the more detailed and systematic the investigation of the systems, the faster and thus more efficient the implementation can be.
Optimization of processes
Another benefit of a comprehensive analysis is the detection of vulnerabilities, unnecessary processes and data, redundant operations, and many other issues that have an impact on the IT landscape. In order to create pragmatic and valid concepts for companies, a systematic intelligence is required that understands the legal requirements as well as the process structures within the company. This methodology is also reflected in the implementation of practice-oriented solutions with minimal effort.
This is the big opportunity for companies introducing measures to comply with the GDPR. Because of the detailed and, above all, systematic consideration, processes can be optimized, data can be minimized, and transparency can be increased. With this approach, companies can transform years of ignoring the GDPR into a unique advantage: designing the entire IT landscape in a timely manner so that it is lawful, valid, lean and well adjusted.
Trend Sheet: GDPR: A wake-up call and challenge for IT security
Author: Sabine Rudolf
Figure source: © ipopba / istockphoto.de