The EU General Data Protection Regulation or GDPR is looming as a reality that is just over a year away on 25 May 2018. A surprising proportion of organisations have not yet taken action to prepare for compliance. There is probably a mix of reasons, starting with the fact that the regulation is easily perceived as clunky and bureaucratic and somewhat vague. So it may be on the board agenda but not very high up in priority. The other and more dangerous idea is that there is plenty of time left to deal with it.
Not so. There are actually many reasons for GDPR readiness to move to the top of the Board and C-suite agendas. The scale of the penalties is certainly one.
Fines can go up to €20 million or 4% of global turnover. For lesser transgressions the fines can reach €10 million and 2% of revenue.
It affects every organisation in every sector that is handling any kind of personal data including payroll and HR. But the challenge for commercial enterprises and service organisations of all kinds lies for the most part in ERP and CRM systems, which are the most used repositories for customer information.
The most compelling reason to start work on readying the enterprise for GDPR is already apparent – time. Preparedness is a challenging task that will most likely take longer and cost more than it first appears. Literally, all of the organisations that have already commenced their journey towards compliance have encountered snags and difficulties they had not anticipated. The word throughout the Irish IT industry is unanimous: there will be pockets and residues of personal data that will be discovered only through deep search and analysis.
Typically that will be in unstructured data like email and departmental correspondence or nominally structured but siloed stuff like personal or project spreadsheets, BI reports, client lists compiled for marketing projects and so on. There are also copies of database information in third party cloud services or successive generations of archives and backups.
Our clients are SAP Business One users and are lucky in the sense that, by definition, all of the data in an integrated SAP suite is accessible and traceable.
Personal information of the kinds covered by the GDPR is typically found in customer or client data in the ERP or CRM systems and of course payroll and HR. BI and marketing applications may also contain elements that come under GDPR. The powerful TREX search engine is available to complement the embedded search component in SAP enterprise management systems, which also covers archived data.
All of that makes the GDPR readiness programme easier and speedier for organisations using SAP Business One. But in general, that applies to the formal corporate systems which are integrated enterprise-wide. Other data may be resident in local file stores and databases (individual, team or projects) and in old or discontinued projects and business development efforts.
Many of our clients have already embarked on the GDPR journey and we offer consulting and support services in the technical aspects of that effort. Others are only beginning and we are holding ‘Readiness Assessment’ workshops to help them kick-start their programmes. At a deeper level, we are involved with clients in the critical ‘Data Inventory’ task, discovering and comprehensively mapping all of the personal data in the organisation’s ownership wherever it is held. This could include third party services like cloud in its many forms and Disaster Recovery (DR) backup.
Another key function is ‘Gap Analysis’, the in-depth examination of current practices and processes to identify what needs to be modified to ensure GDPR compliance. One major difference in personal data protection under GDPR is that actual compliance is not enough: organisations will have to be able to prove that they are compliant. It will not take an actual data breach to be offside.
If your organisation is planning for GDPR compliance, we can advise and help with several steps along the way, from mapping data flows to providing Data Protection Officer consulting as a service.