The EU General Data Protection Regulation (GDPR) has been in the making for a long time.
Coming into force on May 25, 2018, the regulation will affect any company that handles personally identifiable information (PII) of EU citizens. In short, if you are an organisation that has an EU customer or employee, this applies to you – no matter where your business is based.
There has never been a more important time to act, with under nine months to go before you and your organisation could risk huge fines (think a maximum of 4% global turnover or €20m, whichever is greater) and more importantly, corporate reputational loss.
For more on journeying to GDPR compliance and the truth about organisational risk, see here.
The change in regulation will mean corresponding changes in the way organisations collect and handle PII. There are areas of the legislation that are easy to understand, such as the need for:
- Organisations to have a Data Protection Officer
- Data breaches to be reported to the enforcing body in your jurisdiction within 72 hours (for the UK, see the Information Commissioners Office or ICO)
- A mechanism to provide EU Citizens with access to data companies hold on them
- A way of EU Citizens to invoke the right to be forgotten
However, there is nothing prescriptive about how to deliver on those requirements.
But where do you start?
Compliance Is All About Process – and the GDPR Is No Different
Highly regulated industries have focused on compliance processes for years. Their ability to demonstrate to enforcing bodies that business processes are documented, fit for purpose and repeatable while also being adaptable is the key to remaining compliant.
Compliance means lower risk of fines or sanctions, and increased corporate reputation and brand value. Or perhaps something as simple as continuing to hold a license to operate.
Fortunately, there are tools that can help.
Connecting Data from Different Platforms
Nintex Workflow Cloud® is a powerful cloud-first platform that helps you connect data from different sources and systems of record to automate sophisticated, intelligent and impactful business processes.
Let’s discuss how Nintex Workflow Cloud can address the new regulation.
The “Right of access by a data subject” rule (Article 15 of the GDPR) will allow EU customers or employees to request all digital data you hold on them. Organisations then have to supply it, in its original format, within a month.
If, like most normal businesses, you hold that information in multiple systems, searching through them individually will take countless hours of employee time and there’s a very high chance that information will be missed if this is left to manual searches. This puts a company at risk.
Nintex Workflow Cloud, by contrast, can automate this whole process – eliminating errors, minimising risk and expediting searches.
And if that doesn’t go far enough, why not take it up a notch. Should your organisations have a mix of structured, semi-structured and unstructured data, augment your GDPR compliance capability by integrating Nintex with existing systems such as enterprise search and classification tools.
Subject Access Request handling will be different for every organisation. Some will find it harder and more time-consuming than others. But for all, it will involve searches across many systems in a precise way and to exacting standards, if they are to avoid falling foul of the GDPR.
Nintex can play an ever more important role in helping companies comply with the EU data protection rules by automating this process.
Be GDPR Ready with Nintex Workflow Platform
The webinar will provide:
- An overview of how the EU General Data Protection Regulation will fundamentally impact the way in which organisations interact with customer and employee data.
- Look at how the Nintex Workflow Platform and Concept Searching give organisations the tools to drive a GDPR compliant response to internal data handling and external Subject Access Requests – helping to get GDPR compliant fast.
- Discuss how the Britecloud ‘GDPR Case Management and Compliance’ Solution can be adapted to meet your organisation’s business and compliance needs, and technology landscape.