GDPR is a Process Issue

Author(s)

Founder & CEO, Elements.cloud
30+ years in business transformation and operational excellence as executive sponsor, consultant and software vendor. Author of 8 books, prolific blogger and conference speaker Based in San Francisco, London and in a 747 Powered by Duracell

By May 25, 2018 – less than 100 days away – any company doing business with subjects of the European Union must comply with the General Data Protection Regulations (GDPR) stringent rules or face fines up to 4% of revenue. Underpinning the regulations is the principle of “Privacy by design” which means compliance cannot be an add-on, but must be baked into the operational DNA of the organization.  It is a process issue as much as a customer data one. 

Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements. A recent survey by PwC revealed that 92% of U.S. multinational companies cite GDPR as their top priority and 9% are expecting to spend over $10m. This is a board level issue.

GDPR and recent data breaches have put data privacy in the spotlight. Organizations that move fast to demonstrate “privacy by design” will earn trust, confidence and deeper engagement with customers. For many companies GDPR compliance is not a choice. How they choose to turn it to their advantage is.

In detail

Background
By May 25, 2018, any company doing business with subjects (leads, customers, employees, suppliers) of the European Union must comply with the GDPR’s stringent rules or face fines up to 4% of revenue. Underpinning the regulations is the principle of “Privacy by design” which means compliance cannot be an add-on, but must be baked into the operational DNA of the organization.
GDPR – what is it?

The General Data Protection Regulation (GDPR) is the new data privacy regulation jointly proposed by the European Parliament, the Council of the European Union and European Commission, aiming to “strengthen and unify” data protection laws for individuals within the European Union. GDPR consists of 99 Articles, plus 173 Recitals, which provide explanatory text to aid interpretation of the Articles. The new regulation plans to replace the old Data Protection Directive [95/46/EC], which has been effective from 1995.
Who is affected by GDPR?

GDPR applies to organizations…

  • Holding or processing personal data of subjects residing in EU
  • Offering goods or services to EU residents
  • Monitoring behaviors of EU data subjects

The law applies to any company whose data processing concerns private data of EU data subjects, irrespective of the company’s (processor or controller) location.

The impact

The GDPR goes into effect in May 2018, but few businesses are ready and realization is setting in that:

  • GDPR is real and not going away
  • A wide range of stakeholders participate in GDPR compliance
  • Privacy by design isn’t a one-off exercise
  • Compliance requires understanding and control of data, processes and IT systems
  • It is a huge task

A study carried out by Dell in 2016 revealed that over 80% of companies surveyed “know few details or nothing about GDPR,” and 97% had no plan to be ready for GDPR. Awareness is building but there are less than 200 days to go. Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements. A recent survey by PwC revealed that 92% of U.S. multinational companies cite GDPR as their top priority and 9% are expecting to spend over $10m. This is a board level issue.

There are several myths or misunderstandings around GDPR

  • It only affects EU companies: Not true
  • It is about securing and encrypting data: Not true
  • Companies need to locate their data in the EU: Not true.

The greatest barrier to taking action is that companies believe it that it doesn’t affect them or that they will not be caught and fined. This is missing the point. This should be the catalyst to rethink your customer engagement strategy and build loyalty that is a huge differentiator and competitive advantage.

Benefits not fines

Whilst fines of 4% of revenue focuses the mind, there are huge benefits to be gained from transforming the way you handle customer data:

Reputation: Trust can disappear overnight with a data breach or reported misuse of personal information. Complying with GDPR can be used as a competitive differentiator and something to shout about, not just a way of saving you from becoming another data-breach statistic.

Data simplification: You must delete the personal data you don’t need or have permission to hold. You can also only hold personal data you have a valid basis for, and then only for a reasonable period – including all that duplicated data. With less data that is more up-to-date and accurate you will see immediate savings. A survey showed staff spend 18% of time looking for the right information and then confirming that it is correct.

Process improvement: GDPR impacts all customer-facing areas of your business and requires you to have documented and version controlled processes. Documenting processes drives improvements and quick wins. We typically see 25% improvements in productivity, and often more, when using a proven process mapping approach.

3 practical steps

Once you have assessed if you need to comply with GDPR there are 3 steps you need to take.

Job #1 – Develop & deploy operational processes: There are specific processes that need to be documented, understood and followed; getting opt-in consent, Subject Matter Access requests, reporting data breaches.

Job #2 – Where is the Personal Data stored: You need to take an inventory of all your internal systems and build a data catalog of each systems down to field level.

Job #3 – Get opt-in consent: You need to get opt-in consent from all your customers that is freely given, specific, informed and unambiguous. You should delete all the data unless you can hold it for another legal basis.

The Final Word

GDPR and recent data breaches have put data privacy in the spotlight. Organizations that move fast to demonstrate “privacy by design” will earn trust, confidence and deeper engagement with customers. For many companies GDPR compliance is not a choice. How they choose to turn it to their advantage is.

Similar Resources

Enhancing Your Team’s BPM Capabilities: The Value of External Expertise

Enhancing Your Team’s BPM Capabilities: The Value of External Expertise

Author(s):

Editor & Founder, BPMInstitute.org, BAInstitute.org and DBIZInstitute.org

Enhancing Your Team's BPM Capabilities: The Value of External Expertise In today’s dynamic business environment, managing and improving business processes is critical for any organization aiming to maintain a competitive edge. Many companies consider handling Business...

Exploring Shared Data Model and Notation (SDMN) and Its Role in BPM+

Exploring Shared Data Model and Notation (SDMN) and Its Role in BPM+

Author(s):

Editor & Founder, BPMInstitute.org, BAInstitute.org and DBIZInstitute.org

Exploring Shared Data Model and Notation (SDMN) and Its Role in BPM+ Introduction In the evolving landscape of Business Process Management (BPM), the introduction of Shared Data Model Notation (SDMN) marks a significant advancement. As businesses increasingly seek to...

Article: Embracing the Future: Low-Code and No-Code Platforms in BPM+

Article: Embracing the Future: Low-Code and No-Code Platforms in BPM+

Author(s):

Editor & Founder, BPMInstitute.org, BAInstitute.org and DBIZInstitute.org

Article: Embracing the Future: Low-Code and No-Code Platforms in BPM+ Introduction In the realm of business process management (BPM), low-code and no-code platforms have emerged as transformative tools, reshaping how organizations develop applications and manage...

Featured Certificate: BPM Specialist

Everyone starts here.

You're looking for a way to improve your process improvement skills, but you're not sure where to start.

Earning your Business Process Management Specialist (BPMS) Certificate will give you the competitive advantage you need in today's world. Our courses help you deliver faster and makes projects easier.

Your skills will include building hierarchical process models, using tools to analyze and assess process performance, defining critical process metrics, using best practice principles to redesign processes, developing process improvement project plans, building a center of excellence, and establishing process governance.

The BPMS Certificate is the perfect way to show employers that you are serious about business process management. With in-depth knowledge of process improvement and management, you'll be able to take your business career to the next level.

Learn more about the BPM Specialist Certificate

Courses

  •  

 

Certificates

  • Business Process Management Specialist
  • Earning your Business Process Management Specialist (BPMS) Certificate will provide you with a distinct competitive advantage in today’s rapidly evolving business landscape. With in-depth knowledge of process improvement and management, you’ll be able to take your business career to the next level.
  • BPM Professional Certificate
    Business Process Management Professional
  • Earning your Business Process Management Professional (BPMP) Certificate will elevate your expertise and professional standing in the field of business process management. Our BPMP Certificate is a tangible symbol of your achievement, demonstrating your in-depth knowledge of process improvement and management.

Certification

BPM Certification

  • Make the most of your hard-earned skills. Earn the respect of your peers and superiors with Business Process Management Certification from the industry's top BPM educational organization.

Courses

 

Certificates

  • Operational Excellence Specialist
  • Earning your Operational Excellence Specialist Certificate will provide you with a distinct advantage in driving organizational excellence and achieving sustainable improvements in performance.
 

 

OpEx Professional Certificate

  • Operational Excellence Professional
  • Earn your Operational Excellence Professional Certificate and gain a competitive edge in driving organizational excellence and achieving sustainable improvements in performance.

Courses

Certificate
  •  

  • Agile BPM Specialist
  • Earn your Agile BPM Specialist Certificate and gain a competitive edge in driving business process management (BPM) with agile methodologies. You’ll gain a strong understanding of how to apply agile principles and concepts to business process management initiatives.  
 

Business Architecture

 

Certificates

  • Business Architecture Specialist
  • The Business Architecture Specialist (BAIS) Certificate is proof that you’ve begun your business architecture journey by committing to the industry’s most meaningful and credible business architecture training program.

  • Business Architecture Professional
  • When you earn your Business Architecture Professional (BAIP) Certificate, you will be able to design and implement a governance structure for your organization, develop and optimize business processes, and manage business information effectively.

BA CertificationCertification

  • Make the most of your hard-earned skills. Earn the respect of your peers and superiors with Business Architecture Certification from the industry's top BPM educational organization.

Courses

 

Certificates

  • Digital Transformation Specialist
  • Earning your Digital Transformation Specialist Certificate will provide you with a distinct advantage in today’s rapidly evolving business landscape. 
 

 

  • Digital Transformation Professional
  • The Digital Transformation Professional Certificate is the first program in the industry to cover all the key pillars of Digital Transformation holistically with practical recommendations and exercises.

Courses

Certificate

  • Agile Business Analysis Specialist
  • Earning your Agile Business Analysis Specialist Certificate will provide you with a distinct advantage in the world of agile software development.

Courses

Certificate
  • DAS Certificate
  • Decision Automation Specialist
  • Earning your Decision Automation Certificate will empower you to excel in the dynamic field of automated decision-making, where data-driven insights are pivotal to driving business innovation and efficiency.