Written By: ecurity Business Development Director, Oracle EMEA
General Data Protection Regulation (GDPR) may be just around the corner, but it’s not too late to take control of your data and prepare your organization. As a Human Resources manager, you’ll probably be asking yourself how this upcoming European legislation will affect personnel data that your company might have, wherever your employees might be located. Here, I have outlined five simple steps that can help you get on the path to continuous compliance.
But first, a bit of background!
The EU GDPR will come into effect on May 25, 2018. It applies to all organizations inside the EU and any outside who handle and process data of EU residents. It is intended to strengthen data protection and give people greater control over how their personal information is used, stored and shared by organizations who have access to it, from employers to companies whose products and services they buy or use. GDPR also requires organizations to have in place technical and organizational security controls designed to prevent data loss, information leaks, or other unauthorized use of data.
The EU has had data protection laws in place for over 20 years. However, in that time, the level of personal information in circulation has grown dramatically, and so have the different channels through which personal information is being collected, shared and handled. As the volume and potential value of data has increased, so has the risk of it falling into the wrong hands, or being used in ways the user hasn’t consented to. GDPR is intended to bring fresh rigour to the way organizations protect the data of EU citizens, while giving citizens greater control over how companies use their data.
So, now what should organizations be doing?
With the deadline for GDPR closing in, it might be tempting to quickly implement as many data protection measures as possible. While this sense of urgency is warranted, a measured and strategic approach is best. Companies first need to understand GDPR, how it applies to them and exactly what their obligations are.
To better monitor their data, organizations first need to make relevant information easily accessible to all the right people internally. Years of growth and diversification may have left them with disjointed systems and ways of working, making it difficult for individual teams to understand how their data fits in with data from across the organization. This makes customer information almost impossible to track in a cohesive way, which is why it’s crucial to centralize data and ensure it is constantly updated.
The next step for organizations is to facilitate the exchange of information between teams. They draw on more customer data from more touch-points than ever today to help personalize products or services, but this also means the information they collect is spread thinly across the organization. To gain a more accurate view of their data, organizations need to integrate their systems and processes so every team has access to the data they need.
With businesses collecting such large volumes of data at such a rapid rate, complexity quickly becomes the enemy of governance. Rather than opting for a breadth of technologies to manage this information, they may want to consider using a single system that sits across the organization and makes data management simple. Cloud-based applications are well-suited to this end, as they allow businesses to centralize both data and data-driven processes, making it easier to track where and how information is being used at all times. For example, more and more of our customers are taking advantage of Oracle's unified cloud ERP and HCM approach to better future proof their businesses and data.
New technologies can only go so far in making an organization GDPR compliant. As ever, change comes down to employees, culture and processes. Data protection must be baked into the organization’s DNA, from decisions made in the boardroom down to the way service teams interact with customers and how you input and store data in your human capital management platform.
Much of the focus around GDPR has been on the cost organizations will incur if their data ends up in the wrong hands, but it’s worth remembering that above all else the law requires them to show they have the people, processes and technologies in place to protect their information. By following these simple steps organizations can put themselves in a better position to take control of their data.
Find out more on how Oracle security solutions can help support your response to GDPR.