Advice and Information for Finance Professionals

How to Reduce Risk and Get In Line with GDPR

Guest Author

By Dane Roberts, Product Strategy, Risk Management Cloud, Oracle

The deadline for the General Data Protection Regulation (GDPR) has come and gone. Many questions about the regulation remain unanswered, and a slew of companies are still working toward compliance.

The consequences for non-compliance can be steep. Organizations could face fines of up to 4% of total revenues or 20 million euros for not following GDPR. In addition, EU regulators have stated "clouds" will not be exempt from GDPR enforcement.

What is GDPR?

In brief, GDPR is a data protection regulation that applies to the data of anyone who lives in the European Union. Any company—regardless of geographical location—that stores and/or processes data about an EU resident or citizen falls under the jurisdiction of GDPR. It applies to all information related to the individual, whether it’s data about their private, professional or public life. In addition, it does not matter where the data resides; it’s only about whose data it is—a sweeping regulation. 

Key Customer Rights & Requirements under GDPR

Data protection by design and by default

Companies must design data protection into the development of business processes for products and services. This means that from the design stage all the way through the life-cycle, companies have to integrate data protection into their processing and business practices. This proactive approach of considering data protection and privacy issues up front is not new; the key change with GDPR is that it is now a requirement by law.

Right of access

Upon request, EU citizens may access their personal data and information about how that data is being processed. Individuals seeking to access their data can submit a written or verbal Subject Access Request (SAR), and organizations must respond within one month.

Right to erasure

The right to erasure, also known as the "right to be forgotten," is an EU citizen’s ability under GDPR to request erasure of personal data related to them on any one of a number of grounds. Again, individuals can make this request verbally or in writing and organizations will have one month to respond. 

Right to data portability

This right enables anyone in the EU to transfer their personal data from one electronic processing system to another, without being prevented from doing so by the data controller. 

How Oracle Cloud Helps with GDPR Compliance

Oracle provides tools that can help organizations streamline their compliance process. Once an organization defines its policies and procedures, it can execute those processes using the modern functionality within Oracle Cloud. Here are two examples: risk management and data management.

Risk Management

"Data protection by design and default" means that, under GDPR, organizations must show they have the proper processes and technologies in place to protect data in their systems.

Oracle Risk Management Cloud helps organizations embed data security, compliance and governance into the Oracle software-as-a-service (SaaS) applications that they use to run their business processes (such as finance). Oracle Risk Management Cloud provides the ability to analyze and assess security design at the lowest levels of detail, monitors transactions that involve private data, and offers an end-to-end flow to manage and certify user access and compliance. It gives you the ability to:

  • Complete data protection impact assessments
  • Certify and monitor employee access to personal data
  • Respond to SARs on personal data access and use
  • Quickly report personal data breaches and other security incidents

Data Management  

Data management is a complex and ever-evolving process. Organizations often manage their data manually through conversations, telephone calls, spreadsheets, and e-mail, or via a number of disparate systems—leading to information silos, data integrity problems, and a nightmare for GDPR compliance. 

Oracle Enterprise Data Management Cloud takes an innovative approach to helping organizations automate the process for GDPR compliance by packaging data in a format that is manageable and available when needed.

Oracle Enterprise Data Management Cloud provides organizations with a single source of truth for personal data—centralizing it within a purpose-built system. If your data is in a plethora of systems or places and you don’t know where specific data is, it’ll be very hard to comply. You can’t erase, transfer, or report on how someone's data is being used if you don’t know where it is.

