Currently, companies without manufactured physical products earn billions euros by utilizing intangible assets and creating virtual products out of thin air. A significant amount of this information economy is based on selling our personal data and shaping our virtual social environment. For example, world’s largest companies, like Google and Facebook, sell our contact information, social networks, personal interests and much more to anyone willing pay for such precious information. These companies shape our understanding about surrounding world by offering some and denying access to other information.
We live in a bubble.
But who controls the bubble?
Microsoft just purchased LinkedIn with $26 billion. Microsoft bought Our personal information. Knowledge about our professional jobs, skills, experiences, contacts, networks, messages, societies, interests, and so on. Now, Microsoft knows more about employees of other companies than most of companies know about their own employees.
Do You know who knows You?
Do You know what they know about You?
These are the problems that alarmed citizen activists, politicians and government officials across the world. In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU. The brand new EU General Data Protection Regulation (EU GDPR) entered into force at 25.5.2016 and it shall apply after two year transition period at 25.5.2018.
Now, everyone has the right to the protection of their personal data.
The regulation will increase substantially rights of an individual person. It means You as a customer, an employee, a citizen, a patient or any other role. You are entitled to be informed how Your personal data is being handled. You are given a right to access, check and update Your personal information. You now have a right to take Your data and move it to another place. Many similar rights have been now specified in more detail. The new General Data Protection regulation made companies accountable and responsible for their practices.
Soon, the misconducts can result to sanctions.
Now, companies need to clean up their information inventories and practices.
In practice, during less than two years businesses must transform all practices, processes, information systems and data contents to meet the EU GDPR requirements. This is a huge task. Companies might not have a magic button that lists all their customers. Companies might not have an automated system that would gather all information across all systems to a packet with just a single click. On the contrary. Data might be scattered across numerous databases. It might be erroneous and outdated. In fact, data might be so low quality that companies lose the most of their potential profits.
Employees waste time searching and fixing the data
Employees repeat tasks that failed because of using wrong data
Companies suffer financial losses because of invalid conclusions
Companies are unable to act due to lack of trusted information
Companies and We share the same interests. Accessible, correct, and up-to-date personal data would benefit everyone. It would help us to manage our personal lives and businesses to run their operations. Our time and resources wouldn’t be wasted for managing the chaotic mess of soon-to-be-out-of-date data across numerous and even unknown databases. Businesses could transform their business processes to a more efficient customer-centric self-services. High-quality information would enable a leap forward in the digital market.
Administrative management waste would be eliminated.
Services would focus on customer value.
Customer experience would be personal and enjoyable.
The EU GDPR aims to improve citizen rights against the overwhelming power of global corporations. At the same time, its requirements guide and enforce companies towards systematic data management practices and improved data quality. These will definitely positively impact the bottom line when implemented in alignment with other business development initiatives.
How to tackle GDPR?
The challenges are neither technological nor organizational. They are both. To tackle such a complex problem, Siili Solutions develops capabilities that combine organizational practices and related technological support for EU GDPR compliance. Capabilities that are needed to meet the legal requirements and to enable customer centric business processes.
First, Siili’s EU GDPR Pre-Study that creates understanding of company’s current situation, compliance requirements and alternative development approaches to target state. The Pre-Study aims to support decision-making for further development steps, such as setting up the data governance organization or selecting scope and technologies for MDM initiatives.
Siili’s organizational development is based on setting up Data Governance (DG) organization and processes to support the mandatory Data Protection Officer to fulfill his legal responsibilities. In practice, the Data Protection Governance projects set up organization and processes to guide the development towards EU GDPR compliance.
The technological support is founded on Master Data Management (MDM) solutions that gather, store, validate and distribute data about persons and products across enterprise systems. By using the proven technological tools, Siili has developed technological features that help to standardize and automate legal documentation, customer consents and person data across the different software systems.
Written by Sami Laine