The new EU privacy regulation GDPR, which has raised a great deal of debate and strong feelings, kicks in on Friday 25th of May 2018. What does this have to do with the end of the last millennium and how did we at Plan Brothers prepare for the change?
Let's go back in time to the year 1999. The number of internet users globally climbs to 150 million, the euro is accepted in scriptural form in Finland and 11 other EU countries, Mika Häkkinen grabs his second F1 championship and Denver Broncos wins the Superbowl back-to-back. How do these things relate to the topic? Well, they don't. But the same year is also marked by a term that has a lot of convergence with GDPR.
Y2K
The turn of the year between 1999 and 2000 was awaited worldwide in confused moods. Because of the precious value of computer memory at the beginning of computing, efforts were made to save it by marking the year into data systems with two numbers. At the turn of the millennium, the numbers would turn to 00, which was feared to cause, for example, the collapse of banking and security systems. The wildest prophets even mentioned that the world would end. The term Y2K was born, and organisations were preparing for it by investing in new information systems. The IT industry was blooming and the bubble broke shortly after the turn of the millennium (the diagram below is from an article that you can find here).
Like we all know, the above predictions didn't come to fruition. However, going back in time is current, as similar fears have been associated with the GDPR. It is labeled as the end of outbound sales and marketing, the boom of trolls who request the removal of personal data to harass companies, huge sanctions, and again as one of the bureaucratic pains of the companies operating in the euro area. But is the glass half empty or half full?
GDPR as a competitive advantage
Although we have been setting the stage for this blog post through fear-mongering, we in no way want to give a picture that would diminish the importance of GDPR - on the contrary. Change always requires effort, but at the same time it enables the development of your business.
Here are some of the benefits that come with the enhanced privacy regulation:
- Increased trust. As a result of this change, customers have more information on how organisations utilise their personal information. Increased transparency enhances confidence which transforms into better customer experience.
- Distinguished overlapping processes. Preparing for the change requires ventilation of processes, which, when properly utilised, allows for more efficient operations.
- The same rules for everyone. As data protection requirements throughout the EU are harmonised, the previous divergences will no longer slow internalisation and growth within the euro area.
Falcony and GDPR
We started preparing ourselves well in time last year by selecting a responsible person for each business function. The first task of the GDPR team was to audit the data streams processed by our company from these perspectives:
- What personal information do we collect?
- Where did the information come from?
- Where is the information stored?
- Where is the information transferred?
- Who has access to the information?
- Who is the data controller and who are the processors?
Once the data streams were audited and documented, it was time to ensure that our subcontractors and service providers, working as data processors, were committed to work as required by the new data protection regulation. In practice, this meant creating and signing new DPA's (Data Processing Agreements) with the aforementioned stakeholders.
At the same time, we upgraded our security policies, unified our risk management, and created processes for internal audits from a data protection perspective.
As the last steps of the preparation, we have revised our Privacy Policy and Terms of Service to respond to the new legislation, signed separate DPA enclosures with several of our customers, and continued with regular trainings for the whole staff. Last but definitely not least, we have prepared for personal data requests that may increase with the GDPR.
Has your organisation set up a process to handle the GDPR related data requests? Check out our FREE trial and improve your organisation's reporting readiness today:
We are building the world's first operational involvement platform. Our mission is to make the process of finding, sharing, fixing and learning from issues and observations as easy as thinking about them and as rewarding as being remembered for them.
By doing this, we are making work more meaningful for all parties involved.
More information at falcony.io.
