As the volume of data collected today continues to increase, so too do the regulations designed to protect personal data. The new European General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU and has widespread implications for any business that interacts with personal data from people in the EU regardless of whether that company resides in the EU or does business there. With GDPR taking effect on May 25, 2018, if you haven’t started to plan your organization's strategy, now is the time.
The Impact to Data Management
The GDPR’s broad definition of personal data includes “any information relating to an identified or identifiable natural person or ‘Data Subject’.” This naturally encompasses many of the main attributes found on any contact record (aka Entity in NetSuite), such as first name, last name, telephone number, address, age, gender, etc. as well as other information including social media posts, bank account information, and IP Addresses. This is surely going to throw a monkey wrench in any organization’s marketing strategy in the EU as companies have CRM and mailing lists bound to include EU personal data. Consequences for non-compliance include steep fines up to 20 million Euro or four percent of the company’s annual worldwide revenue, whichever is higher, so it’s nothing to be taken lightly for firms of any size.
GDPR places a greater emphasis on maintaining transparency and accountability in relationships with EU data subjects. ERP, CRM, HRMS, HCM, E-commerce and other IT systems that store employee and customer information are all impacted. Under the new law, firms need to go beyond just software solutions and review all data management, terms of service, and cybersecurity procedures to ensure compliance. Companies are now required to have cybersecurity protection in place and to maintain regular testing of their systems to verify efficacy. In the event of a breach, companies must notify a regulatory agency within 72 hours.
Data collection methods will also be significantly affected by GDPR obligations to ensure personal data is obtained with clear and informed consent. Even after data is collected, the biggest challenge for companies is that individuals will still maintain some control over it under the GDPR. They must be able to move their data at their own discretion, and they will have the right to be forgotten, to delete their information from company databases, and to make corrections to their data long after it was collected. Consider the challenge this imposes on companies that keep tape backups and archive database applications. This will be a daunting challenge for data processors.
A Single System Streamlines Compliance
NetSuite COO, Jim McGeever, announced at SuiteWorld that NetSuite will be taking steps to ensure GDPR compliance. The screenshot below shows the new GDPR portal added to Customer Center in NetSuite showing how NetSuite captures the requests from Data Subjects.
Mr. McGeever strongly recommended that companies get on board now and not procrastinate getting their organizations ready. NetSuite will be rolling out guidance and tools to help customers comply with the new regulation as their focus has been clearly stated as “Going Global”. For customers that store information across a number of various systems, consolidation into a single database can significantly improve their ability to comply with the new data management challenges. This brings significant value to companies running their entire business on a single unified database platform such as NetSuite.
An Affordable GDPR Solution
Techfino is partnering with cloud application partner, Clarip, to ensure our CleanSweep product line for archiving and purging data in NetSuite meets GDPR standards. Clarip’s innovative SaaS platform addresses many of the core GDPR requirements including Articles 5 & 12 (Transparency), Article 7 (Informed Consent), Articles 15-17 (Data Subject Access Rights), Article 28 (Data Sharing) and Article 30 (Record keeping). Clarip works with Fortune 500 clients and smaller businesses to meet the GDPR requirements affordably thanks to AI and other legal automation services that they offer. Clarip’s Data Risk Intelligence tool can help you understand data leaks to third parties and close gaps in privacy notices. If your business is struggling to make sense of the new regulation or is looking for a turn-key service to cut your compliance costs compared with other alternatives, then we highly recommend you contact sales@clarip.com for a free consultation.
Consider Upgrading to a Modern ERP, CRM, or HCM System to Ensure Compliance
Legacy IT systems will have a difficult time adapting to emerging regulations such as the GDPR. To be able to meet these requirements, you should consider upgrading to a modern cloud solution that can keep up. If you’re considering modernizing your business, call Techfino to learn how NetSuite can help your business scale and remain in compliance.
If you’re interested in learning more about how your company can best adapt to meet the ever-changing landscape of IT and legal challenges, including compliance with GDPR, connect with our team of experts at Techfino today!