What is the state of GDPR compliance?
Few weeks ago, (13 Sept 2017) Jan Maarten Willems, Managing Partner, Inpuls, and Léa Doré, Pre-Sales Consultant, Orchestra Networks, gave a great talk on the European Union's General Data Protection Regulation (GDPR). Included in the webinar was a demonstration of the new GDPR Accelerator from Inpuls and Orchestra Networks. This accelerator can jump start any organization's compliance program.
Some interesting data points that came out of the polls we administered during the webinar. We asked our audience, about:
The technologies they were using to support their GDPR efforts,
The provisions of GDPR they found most challenging, and
The state of their GDPR programs
On the good news front, it looks like many organizations are on the path towards compliance. And the overwhelming majority have either started or are getting ready to start.
In terms of which provision, or provisions of GDPR that teams find most challenging, we noticed that the provisions of GDPR that require integrations, or connections between traditional data governance, system metadata management, reference data management, and master data management systems appeared to be highest on everyone's' list. For example, effective right-to-be-forgotten implementations (and breach reporting) will require integration between all multiple systems that posses your data assets.
Finally, on the technology question, no one on our team was surprised that spreadsheets are the top of the pack. In other regulatory compliance programs (notably BCBS 239) we've seen the exact same behavior.
Here's what we think happens.
The firm regulatory deadline forces the teams to get to work immediately with the tools they have. Time doesn't exist to evaluate all the possible technology options, let alone implement, and train the entire extended team. So organizations do what they've always done. They address compliance tactically, use widely adopted technologies, and employ lots, and lots manual processing to meet that deadline. While this meets objectives for the first year, we ought to remember that regulatory compliance is hardly ever "one and done." Supporting GDPR with spreadsheets and a heavy dose of manual processing is neither strategic nor sustainable. And, perhaps worse, this approach is very tough to maintain as the regulations change. GDPR will change. As the EU and its member countries enforce the regulation, experiences from the market, the courts, and citizens will lead to an evolution of the law.
But then again, this is why Orchestra Networks joined forces with Inpuls to develop the GDPR accelerator. Our goal is to help, not only, those organization that needs to meet the May 2018 deadline, but also, to develop an offering that can be adapted to any implementation including those that are driven entirely by spreadsheets. Some of the unique features of EBX are well adapted to a changing, evolving environment.
But rather than read about, if you'd like to learn more about our GDPR Accelerator, see a demo, and learn more please contact us.