The GDPR deadline is looming large among organisations. You may be brave enough to review these guidelines and even feel comfortable bringing up the GDPR compliance requirements with colleagues. While office water cooler chatter might include banter and some jokes, secretly you are worried. Really worried.
Rightfully so. When this panic starts to set in (commensurate with your role in the company, of course), questions and concerns go through your mind; it all seems too daunting a task to undertake.
Where do I start?
First off, take a big, deep breath. It’s likely the majority of other organisations are in the same boat as you are. Did you know that 69% of UK businesses are “inadequate in their preparation for the regulation’s indoctrination”? [1] You may have the resources to conduct an audit in-house, or you may recruit an outside organisation to help with this. These outside partners will provide you with a process assessment and advise where the compliance issues exist. Check references to see whether these prospective companies have successfully helped enterprise banking and insurance organisations not only become compliant, but also stay compliant with changing regulations.
Mind the Gap: It’s The Data
There are two types of data: what you see and what you don’t. Think of these as your systems of engagement (website, email, paper, etc.) and systems of record (your ERP, CRM, databases, filing cabinets, etc.). This is typically what businesses regard as gap analysis, auditing the quality and quantity of data.
The systems of engagement, also known as customer-facing data, will be easier to uncover, update and manage. It’s likely your organisation has invested in current automation technology to communicate and engage with customers, such as onboarding and other products and services.
This customer-facing data will need to undergo transformation, changing legalese into basic business language. Plus, you’ll need to create an additional layer of transparency for the customer, including easy opt-out and information on how their data is being used (and secured). Speaking of security, you will also need to integrate a multichannel notification process in the event of a possible data breach.
And what about the data you can’t see?
This hidden data is tucked away in your systems of record. As in most organisations, these legacy systems are probably more than a decade old. While data might be excavated from these systems from time to time, it’s now more important than ever to uncover customer data that is lurking in the shadows. If you haven’t taken the leap to integrate these legacy systems with your current technology platforms, now is a good time to invest in it. By leveraging an enterprise integration platform, you can uncover this hidden data and evaluate its necessity. Many of these platforms include visual dashboards that will show errors in data and processes, making it easier to address issues. Plus, you will be able to see where and how the data is being utilised, enabling you to gain greater insight and manage data more effectively.
See the Forest Through the Trees: It’s the Paper
While technology has reduced paper consumption over the decades, there are still legacy processes and compliance requirements that necessitate the use of paper. Mortgage documents, loan applications and even updating a customer address yield a practically unimaginable amount of paper. We haven’t even included all the paper documents you generate in your internal business processes. The best investment here is great capture technology. But as you may well know, it’s not just about capturing the data itself; you need to be able to extract data from a huge variety of documents (invoices, forms, purchase orders, etc.). While the extraction is key, more important is how and where the data can be leveraged and integrated within your databases so it becomes actually usable across the organisation and systems.
Mitigate Risk: It’s Your Employees
KYC, AML and CDD are just part of the acronym soup we partake in on a daily basis as compliance guides financial business processes. Let’s add one more: RPA, or Robotic Process Automation. Think of RPA as the employee that never sleeps, never takes a holiday and doesn’t make errors. It’s built to automatically verify and check a customer’s information and identity across multiple external sites, such as law enforcement and credit bureaus. Gathering this data would normally take a typical employee half an hour; with RPA it takes about 2 minutes, dramatically improving efficiency and accuracy. Of course, RPA can be used in a variety of other tasks, such as automated notification of a data breach, triggered by an internal alert you create; answering customer queries about how their information is being used; or providing proof that a customer’s personal data has been removed from line of business systems.
Whether your organisation is located in the UK, EU or anywhere else, if you have customers, partners or suppliers that reside in the EU, the GDPR regulations apply to you. The cost of non-compliance can mean the difference between staying in business and closing your doors.
Don’t let your organisation become part of the 24% who won’t become GDPR compliant by May 2018. [2]
Sources:
[1] GDPR article on LinkedIn: https://www.linkedin.com/pulse/how-prepare-your-non-eu-business-gdpr-paul-hewett
[2] Infographic: https://www.guidancesoftware.com/blog/security/2017/07/06/how-to-prepare-for-gdpr-with-sc-magazine