GDPR Part 3: The important role technology upgrades play in compliance
We began this 3-part series, “GDPR: Game-changing mandate and why you need to prepare,” with Part 1 looking at what GDPR is, who is impacted, and the opportunities it brings. In Part 2, we took a deeper dive into preparing for GDPR compliance, including the value of cloud deployment in staying “always modern” despite continual change. Today, in Part 3, we focus on technology and some of the specific tools you can use to manage GDPR and other compliance mandates.
By Teesee Murray, Infor VP of Digital Strategy & Cloud
The EU’s new General Data Protection Regulation (GDPR) is not only driving organizations to assume greater accountability for data protection, it is also paving the way for ongoing discussions about the role of technology and compliance. GDPR was passed by the EU in 2016, and enforcement began May 25, 2018. As consumers are empowered to speak up about their expectations for privacy, tech-savvy organizations will learn how to turn compliance into a differentiator, and a sure route for building customer loyalty. It’s a new era in data security and, going forward, technology will play an even greater role in compliance.
Upgrading solutions solves multiple challenges at once
GDPR places high expectations on enterprises. The mandates are broad, nonspecific, and apply to both "controllers" and "processors" of data. This means any organization that stores, handles, or processes personal data of EU citizens in any way will be held accountable. The regulation also covers how personal data is collected, why, and how it is used.
IDC explains the broad reach in a recent report: “GDPR is primarily not a security problem, or even an IT concern; it is a business challenge. Whoever leads it, it requires cross-departmental collaboration. Best practice entails a steering group of empowered representatives from all stakeholder groups. This may include external sources such as shareholders and investors, or community groups, given the effect that sanctions for noncompliance may have. … Appointing a leader that drives a coalesced vision and program of activity is essential.”
Technology also plays a critical role in managing compliance of GDPR and other mandates, including new ones that are likely to be issued in the future. Upgrading your solutions should be one of your first steps in a journey to compliance.
Since GDPR was first announced in 2016, software providers have been rushing to make sure their solutions meet the new standards for data collection, data storage, workflows that distribute personal data across the organization, sharing data with partners, monitoring for data breaches, tracking opt-in status, and recording time and place of a customer’s or prospect’s opt-in.
If you are using legacy systems with outdated technology, your processes may be far behind best practices and not up to the challenge of GDPR compliance. Upgrading to the current software will bring you closer to compliance with today’s mandates, but what about tomorrow’s? In industries with high rates of change, cloud deployment is a logical way to remain relevant without having to manage cumbersome upgrades and implementation processes. With cloud computing, the provider makes new innovations and features available automatically so you can stay “always modern” and future-proof your business.
Companies that are deployed in the cloud already experience this peace of mind. In a recent survey of IT managers, 92% that use the cloud said they were confident in their GDPR readiness, whereas just 65% of those that store data on-premise said the same.
Specific tools to apply
When developing your strategy for GDPR compliance, you may want to consult with a data security expert. Each organization will have slightly different requirements. Once you know which of your data processes will be affected by GDPR, you can begin to formulate strategies for compliance. Many companies are finding that upgrading their ERP solutions goes a long way in the journey. It’s also important, though, to look at the various point solutions and applications that integrate with your systems and collect or use data. Your systems are only as strong as your weakest link. So, all applications need to be scrutinized, upgrading as needed.
What Infor is doing
Infor product teams have been addressing GDPR requirements, adding functionality and features to our solutions, from our ERP CloudSuites to our point solutions. Customers wanting to learn how their solution is being updated for GDPR compliance should contact their account executive.
“We understand how important data security is to our customers—and their customers. We have been updating our solutions so they are compliant with GDPR and are diligently working to bring all Infor go-forward products up to GDPR standards,” says Pam Murphy, Infor chief operating officer.
“We aren’t just working on a set of product features, though. We are striving to give our customers peace of mind—the kind of reassurance that comes from deploying modern software that they can trust and they know will help them achieve best practices. We want our customers to be confident in their solutions. Just as we are,” Murphy says. “In this era of constant change, trust is an important part of the customer relationship.”
A recent survey conducted by Capgemini reveals that, beyond peace of mind that comes from compliance, there are other rewards for organizations that enact strong data security systems. Consumers say they are willing to engage more with GDPR-compliant organizations. In fact, 33% say they have shared their positive experiences about data-compliant companies with family and friends, 29% have purchased more products from the organization, 28% have spent more, and 28% have transacted more frequently.
As awareness of GDPR increases and scrutiny of data issues intensifies, these numbers are likely to go up. Consumers will become more engaged in the conversation, and express their expectations about data security.
Some tech-savvy organizations with modern IT solutions deployed in the cloud will easily meet compliance demands, and will be able to stand apart from the lagards that failed to take timely actions. With GDPR in effect, news reports will likely be announcing the plight of the unfortunate companies that suffer large fines. Not only will they face the financial impact, they will suffer the damage to their brand and customer loyalty as the test cases are analyzed and shared.
Will you be one of the companies that can turn this challenge into an opportunity?
If you have quesitons about how Infor solutions can help you, have a conversation with your account representative.
If you would like to know more about the importance of remaining current in this digital era, watch this video, “Digital Darwinism,” or visit Infor.com, where you find more timely articles and details about Infor products, including CloudSuites, which will help you stay “always modern.”
The GDPR series
Part 1: What GDPR means to you: No free passes, nowhere to hide
Part 2: Early steps in the GDPR compliance journey
Teesee Murray leads the global Digital Strategy & Cloud Team that is helping Infor customers pivot to the cloud and modernize their technology. She was recently recognized with a 2018 CIO “Ones to Watch” Award from IDG, honoring rising stars in IT.
- North America