For most GDPR is something that’s not happening RIGHT NOW and so is not a priority. It also doesn’t yet seem to have a natural home in business (aside from the legal team and compliance department) as so many elements of an organisation touch on data to varying degrees.
Naturally everyone has a part to play in adapting our approach towards the data we handle – and I’m including our customers. However, in practice the implications and challenges surrounding the unpicking of vulnerabilities and identifying the adjustments needed can seem insurmountable. The reality is that the legislation is not going to change too much – it’s the fact that even small changes when they need to be rolled to laborious, incumbent processes are just as significant as the big ones. And by the way, if you get it wrong the penalties are now huge. Financially, the potential bill has gone from half a million Euros max to either 200m or up to 4% of your global turnover. Ouch.
Here are the main points:
The guidelines are looking quite similar to the UK’s current Data Protection Act ensuring that:
- The data is gathered for legitimate reasons
- That only data needed for this purpose is held
- The data is fairly and lawfully processed
- That it isn’t held for longer than necessary
- You must be able to prove you have complied.
As a result of the changes, individuals will be able to:
- Access and rectify data
- Restrict processing
- Move their data
- Right to erasure – this is the key one and has most technicians worried. It’s tricky to completely delete data so you need a system to ensure it is managed appropriately.
Full a more in depth look, have a read of our GDPR and Low-code Technology paper
The body responsible for the changes have specifically identified technology as playing a key part in ensuring compliance. Unfortunately they didn’t specify which type, but it’s obvious that the changes are unlikely to be viewed in isolation and so businesses will be looking to their processes and the systems behind them to make sure they are up to the job. Also, they need to be capable of change in the future too which means speed, internal ownership and ease of deployment to the business will need to be offered as a minimum by the tech deployed to manage such transformational activity.
Ultimately GDPR presents challenges, but is equally an opportunity for us to review our processes and explore whether they are suitable now and in the long term.
“Data is a precious thing and will last longer than the systems themselves.” – Tim Berners-Lee, inventor of the World Wide Web.
Well said Tim.
If you are thinking about how best to tackle a process review, take a look our mapping guide which outlines some key questions to get things in focus.
FLOvate are the creators of LEAP Low-code Business Process Management software. If you want more information or access to advice and guides feel free to visit us at flovate.com.
You can also speak to one of our Solutions Team members via email or on 0330 111 0570.
*General Data Protection Regulation OR….’ those data changes’.