On the 25th of May next year, the General Data Protection Regulation (GDPR) will come into force. Together with our partner TimeXtender, we talk in this post about the meaning of GDPR, as well as what Infozone together with TimeXtender can do for you in terms of GDPR.
Don't miss out on our Lunch and Learn in Stockholm on the 11th of October regarding this subject!
Ready… Set… GO!
Let’s imagine for a minute that we are all ready to start running towards full GDPR compliance. Shoes tied. Water bottles filled. Starting line in sight. Then a person appears. He hands you a piece of paper and asks you politely to answer a few questions before the race starts:
- What data does your company hold?
“Ahh, that one is easy,” you think. You list the different systems that come to mind: ERP, CRM, HR. But then you wonder “What is the name of the system we use for data analytics?” and in that moment, you realise that it is not just the system’s name itself that needs to be documented, but the entire data model inside the system!
- Where does your company store this data?
Maybe you are lucky enough to be able to write up a complete list of your company’s IT systems. With that list in your hand, you ask your IT department where the systems store their data. They could very well get back to you with the names of various other systems that aren’t even mentioned on your list. Your search would prove one thing at least – that now there are even more systems to document.
- What is the data used for?
“It’s used for business operations”, your finance department will answer, before also mentioning budgeting, forecasting, BI and analytics. They might even add a few more systems to your list, since they will include the data warehouses and analytical tools they use. If you press them to define what they mean by “business operations,” they’ll say something like, “You know… reporting, analysis. Some self-service BI too.” Then they’ll look at you and ask whether you REALLY need a complete list of where every little piece of data is used?
The more people within your business you ask, the longer the list of systems and different kinds of data usage becomes. Asking “Why?” will turn your list into a novel and may even include some department’s dream of “eventually using this data for a certain purpose. Maybe.”
And that’s before you glance at the next question on the piece of paper:
- Who has access to the data?
Had this question been the first one, you would have felt so certain that the answer would be an easy one – just ask IT. But as the list of systems and data usage has grown, your certainty has faded. The answer doesn’t just cover access to the main company systems, but also data that’s being pulled into separate systems for data analysis and visualizations, and even data that’s ‘just’ being fetched into Excel and later emailed ‘to whom it may concern’. Who has access to data? Probably a lot more people than you think.
The race is on to be GDPR compliant and there is lots of ground to cover. Since 25 May 2018 is approaching fast, we all need to pick up speed. Maybe the answer isn’t at all about adding as many resources as possible to cover the most mileage. Maybe instead we should all be looking for different approaches that will enable us all to reach GDPR compliance. Smarter ways to work. Services and tools that support the tasks of documentation, security and logging. Whatever other tasks GDPR compliance requires. Whatever it takes for us all to reach the finish line in time.
TimeXtender has a great tool for gathering/documenting your data correctly. Read more about this here and contact Infozone for further information.
Companies that do not comply with the GDPR regulation risk a fine. In the worst scenario, organizations that violate the legal requirements can be charged up to 4% of the parent company's global turnover, or 20 million euros. Whichever amount is higher forms the basis of your fine. We will help you on your way to GDPR!
On the 11th of October we will take you over the finish line at our Lunch and Learn in Stockholm focusing on GDPR. This seminar is free of charge and arranged together with TimeXtender. We will get back to you shortly with further information on our website regarding this Lunch and Learn.