Since its adoption in 2016, GDPR has been the topic of many conversations, LinkedIn posts, Google Ads, blog articles and webinars.
Nearly 6 years later, most companies throughout the world have made efforts to achieve an acceptable GDPR compliance. In the EU and around the world, businesses have bravely faced the challenge.
GDPR requires higher data security, and demands that companies appoint a data protection officer and data controllers, and follow the data protection regulations of GDPR. This is not far from the requirements of data integration.
In fact, while looking at how to handle the consequences of the GDPR on your organization, you might find that data integration can help you solve some of the pains and challenges of GDPR.
WHAT IS PROTECTION OF PERSONAL DATA?
Personal data protection refers to all the things that can be done to protect your personal information. All your personal data - whether it relates to your private life, your professional life or even your public life.
This could include specific rules, regulations, security measures or even simple practices that have to be followed to ensure the safety of your personal data. As such, GDPR is a measure taken to ensure the protection of personal information about EU citizens.
WHAT IS GDPR AND WHY YOU SHOULD CARE
GDPR has now been applied for years. If you are well-informed about this, jump to the last part of this article.
GDPR, or General Data Protections Regulation is an EU ruling intended to protect the data of citizens within the European Union. It is a law that aims to give citizens more control over their data and to create a uniformity of rules to enforce across Europe.
Although this law comes from the EU, it has a global impact. It affects any business holding personal data on customers, prospects or employees based within the EU. In fact, this could be a huge number of companies throughout the world.
If a business offers goods or services to citizens of the EU, it is subject to the penalties imposed by the GDPR.
Despite its adoption in 2016, the law came into effect on May 25th 2018 and as of that date heavy GDPR fines have applied to any business that does not meet the guidelines set forth.
Which “personal data” does GDPR cover?
The data covered by the law is any personal data, i.e. any information related to a person that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, and posts on social networking websites, medical information, or a computer IP address.
It is fair to mention that the EU already had regulations about personal data protection long before this newest data protection law.
How is GDPR different from other data protection regulations?
- Reach: It now applies to ALL companies processing the personal data of data subjects residing in the Union, REGARDLESS OF THE COMPANY’S LOCATION.
- Penalties and fines: The fines can be much bigger than they were in the past. Companies can be fined up to 4% of their annual global turnover or €20 Million (whichever is greater).
- Consent: The conditions for consent have been considerably strengthened. Companies must proactively make sure that consent has been given in an intelligible and easily accessible form. They need to inform about the purpose for data processing attached to that consent. They must explain what processing activities they may perform.
- Documentation: This consent has to be documented carefully. Companies need not only to document this consent, they also have to give EU citizens an easy way to withdraw consent at any time.
- Data subject rights: these rights have been extended considerably. Contacts have the right
- To be informed about breach notification (mandatory)
- To access their data
- To ask that you remove and forget their data (data erasure)
- To request a copy of all personal data being processed (data portability). This means that they have the freedom to transmit it to another processing system if wished for.
And, last but certainly not least, GDPR requires that companies can document their processes to make sure they are compliant to these rules. GDPR is and has been a large scale administrative burden for many companies.
6 years later: is GDPR a success?
GDPR has had an impact on companies as well as on public authorities, or other supervisory authorities to ensure that law’s enforcement. One can wonder about the benefits of this massive effort conducted in 2018.
GDPR has not been without its share of challenges for companies having to reorganize themselves and the way they operate towards clients and potential clients.
GDPR compliance has a cost - if only to ensure the compliance of processes and procedures. SMaller companies might have been able to handle this themselves, internally. Larger companies had to pay up to tens of thousands of Euros to become compliant.
GDPR penalties have been set to be discouraging. 2% of Global Turnover can be a very high price to pay for any corporation. Amazon received a $877 million GDPR fine. What's App’s fine was $255 million, while Google and H&M had to pay $56.6 million and $41 million respectively.
Besides, the large amounts of the fine, it is not very favourable for any company to be flagged with a reputation of not following data protection regulations.
GDPR has also had a wealth of positive side effects such as improved cyber security and brand safety (as the risk of data breach is removed). Noticeably, GDPR has also allowed people to be able to surf websites hours at a time without the risk of being overwhelmed with ads from other unknown “related” organizations.
But more than anything else, GDPR has had the huge benefit of putting data protection on the agenda of organization leaders - small and large. And, with the appointment of a data protection officer (DPO) in each company, it has made sure that this focus will remain.
HOW DATA INTEGRATION HELPS DATA PROTECTION
The GDPR law, and in particular the last part about consent, data portability and the documentation of it all certainly puts a lot of pressure on businesses to have 100% control of their data. Basically, since May 25th 2018, you need to:
- Know what data you have
- Why you have it and what you are allowed to do with it (make sure you have proof of consent)
- Be able to protect that data if necessary (encrypt what you would not want to be disclosed)
- Be able to extract, delete or share this data upon request, in a fast and reliable manner
This is no impossible task to perform if you are working with low data volume all stored and transformed in one and the same system. Often, companies have to deal with a much greater level of complexity.
Your company might sell its products or services via a website. You might use a best of breed CRM system to handle your sales and marketing efforts. And your operations are probably supported by an ERP system.
If these systems are not properly integrated, if you rely on manual transfer of data from one system to the other, then how and where do you keep track of your contacts’ data?
How can you, in a fast and easy way, be able to extract all of a person’s data upon request? How are you sure that the data you extract from one of your systems is all you have about a contact?
Besides, extracting from all systems could be a messy and time consuming process… for the least difficult to document as required by GDPR. This is where data integration comes handy.
By having all data about your contacts 100% in sync in all your systems, you are able not only to get rid of outdated, incorrect information, you can also easily ensure that all contact data is stored in one place, ready to be accessed, delivered or erased. Data integration automates this process so that it is done more effectively and can be documented easily.
Data integration is not as difficult or expensive as it once was. For example, RapidiOnline offers out-of-the-box pre-configured data integration solutions that allow you to get started with your data integration project super-fast.
Because RapidiOnline is pre-configured, you spend less time on logistics and implementation – which is more efficient and cost-effective. The pre-built integration solution contains the most common integration points, and if this is not enough, it is very easy to create additional transfers or customizations. A clever and cost-effective way to solve some of your GDPR challenges.
