Other parts of this series:
Case studies: How Accenture is helping financial services clients get GDPR-ready
In this series so far, I’ve spoken about the effects the EU’s General Data Protection Regulation (GDPR) will have starting 25 May 2018. I’ve also shared advice on what companies can do to prepare for the changes to come.
In this post, I’ll pinpoint pitfalls companies must avoid and I’ll share case studies of how Accenture has helped clients get GDPR-ready.
Pitfalls to avoid:
- There’s no one-size-fits-all solution to GDPR
Each company is unique in its approach to the protection of customers’ and employees’ personally identifiable information. There’s no one solution that can be applied across all businesses. Hence, you must work with legal teams to understand the interpretation of the law according to your own unique profile.
- Don’t rely on software alone to be compliant
There’s no quick fix to GDPR. More than likely, your company’s eco-system is comprised of many different software providers and each will have varying responses to the new regulation. Further, these software providers are building solutions which can be applied generically to everyone. Although the interpretation of the law specific to your unique profile Expect your software providers to give options or enhancements to the software to support GDPR; however, expect there will be an effort to interpret, design and implement the enhancements made available to your needs.
- Don’t wait too long to prepare
Companies should already be busy making the changes to how they source, use, store and delete data. The deadline for GDPR-readiness is coming up quick: 25 May. As time professes, I anticipate there will be more regulatory changes as well as stricter guidelines.
- Don’t ignore the trickle effect of GDPR on legacy HR solutions
GDPR will have a definite effect on legacy archive systems, data warehouses and other downstream applications. We advise companies to appoint a GDPR chief data officer (CDO) specifically to address the new regulations and oversee the changes needed to make all systems—old and new—compliant with the new rules. As most FS organizations are all too familiar with CDO roles, this additional resource would support and own the overall data lineage of systems, including reporting solution, and remain close on the GDPR regulations and compliance within the organization.
- Don’t fail to adapt to the new legislation
Complacency is the enemy of compliance—companies that don’t get their affairs in order by the deadline will face severe consequences. The penalty for non-compliance is 4 percent of global annual revenue or €20 million.
How we’re helping clients globally
Accenture’s approach to GDPR is technology-driven, which has four main benefits: speed, accuracy, repeatability, and scalability.
Accenture solutions offer extensive customization and integration to help organizations comply with new regulations. Our software applications complement SuccessFactors, Employee Central, EC Payroll and SAP HCM to add value in the following key GDPR areas:
- Encryption, pseudonyms, masking;
- Right to be forgotten;
- Privacy by design/default;
- Use only with consent;
- Right to be erased/deleted;
- Data protection and breaches;
- Privacy principles for processing; and
- Data portability.
Accenture is helping financial services clients comply with GDPR across multiple geographies, which gives us unparalleled insights into industry and market trends. For example, we’ve been helping major banks in the UK, Portugal and Italy with GDPR gap assessment and in some cases implementation. We’ve also been helping a large Swiss investment bank draw up a GDPR program roadmap to enable compliance across four blocks:
- Operation controls, governance/policies;
- Respecting data subject rights;
- Transfers of personal data; and
- Data breaches.
With the right GDPR team by your side your company can become compliant! If you haven’t started by now, you’ll need to mobilize a GDPR-specific team with resources who know what they’re doing to prioritize and build a plan to get to 25 May and beyond. To learn more, get in touch or have a look at these useful resources: