GDPR is everywhere – LinkedIn posts, Google Ads, blog articles and webinars are currently produced in abundance to tell you what it is, what you should do and why you should worry about it. In the EU and around the world, businesses are getting ready to face it, and my company has been not exception to that. I’d like to share with you what I have learned during this process, so here’s my 2 cents input on the topic. See, my focus is as always on data integration, and while looking at how we will be handling the consequence of the GDPR, I figured out that data integration can in fact help you solve some of the pains that this new data protection law may cause you.
What is GDPR and why you should care
For the sake of good order, and despite the fact that it is all over the internet, here’s a quick summary… If you are on top of the regulation and are just curious about what data integration can do for you, jump to the last part of this article.
GDPR, or General Data Protections Regulation is a ruling intended to protect the data of citizens within the European Union. Simply put, it is a law that aims to give citizens more control over their data and to create a uniformity of rules to enforce across Europe. Although this law comes from the EU, it will have a global impact. It will affect any business holding personal data on customers, prospects or employees based within the EU. If your business offers goods or services to citizens of the EU, you will be subject to the penalties imposed by the GDPR. The law will come into effect on May 25th 2018 and as of that date heavy fines will apply to any business who does not meet the guidelines set forth by the GDPR.
The data covered by the law is any personal data, i.e. any information related to a person that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, and posts on social networking websites, medical information, or a computer IP address.
This is all very well, but the EU already had regulations about the topic before GDPR. What has become different?
Reach: It now applies to ALL companies processing the personal data of data subjects residing in the Union, REGARDLESS OF THE COMPANY’S LOCATION.
Penalties: The fines can be much bigger. Companies can be fined up to 4% of their annual global turnover or €20 Million (whichever is greater).
Consent: The conditions for consent have been strengthened, and companies must make sure that consent has been given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. They must be able to document this consent, and, it must be as easy to withdraw consent as it is to give it.
Data subject rights: these right have been extended considerably. Besides the mandatory breach notification that has been broadly covered in all articles I read, your contacts have also gained several rights that could have an impact on your business: the right to access their data and the right to be forgotten (data erasure). The law also introduces data portability, which allows them to request a copy of all personal data being processed so that they have the freedom to transmit it to another processing system if needed.
And, last but certainly not least, GDPR requires that you can document what your company’s processes are to make sure you are compliant to these rules.
How data integration can help
The GDPR law, and in particular this last part about consent, data portability and the documentation of it all certainly puts a lot of pressure on businesses to have 100% control of their data. Basically, as of May 25th 2018, you will need to:
Know what data you have
Why you have it and what you are allowed to do with it (make sure you have proof of consent)
Be able to protect that data if necessary (encrypt what you would not want to be disclosed)
Be able to extract, delete or share this data upon request, in a fast and reliable manner
Now this does not sound like an impossible task to perform, if you are working with low data volume all stored and transformed in one and the same system. But the reality might be quite different. Your company might sell its products or services via a website. You might use a best of breed CRM system to handle your sales and marketing efforts. And your operations are probably supported by an ERP system. If these systems are not properly integrated, if you rely on manual transfer of data from one system to the other, then how and where do you keep track of your contacts’ data? A little bit everywhere? How can you in a fast and easy way, be able to extract all of a person’s data upon request? How are you sure that the data you extract from one of your system is all you have about a contact? Besides, extracting from all systems could be a messy and time consuming process… for the least difficult to document as required by GDPR. This is where data integration comes handy.
By having all data about your contacts 100% in sync in all your systems, you are able not only to get rid of outdated, incorrect information, you can also easily ensure that all contact data is stored in one place, ready to be accessed, delivered or erased. Data integration automates this process so that it is done more effectively and can be documented easily.
The good news here is that data integration is not as difficult or expensive as it once was. For example, RapidiOnline offers out-of-the-box pre-configured data integration solutions that allow you to get started with your data integration project super-fast. Because it is pre-configured you spend less time on logistics and implementation – which is more efficient and cost-effective. The pre-built integration solution contains the most common integration points, and if this is not enough, it is very easy to create additional transfers or customizations. A clever and cost-effective way to solve some of your GDPR challenges.
With over 25 years’ experience in strategically propelling businesses forward, Henning is considered a business development entrepreneur with a passion for transforming businesses, sales and marketing operations through out-of-the-box thinking, concepts building and process automation to improve overall performance and scalability.