Absoft Sees Positives in GDPR
SAP consultancy offers guidance on how to ensure companies comply with new legislation
It is hard not to be aware of some negativity surrounding General Data Protection Regulations (GDPR), a new law in place to protect the privacy of all people within the European Union. However, with these regulations come numerous benefits for individuals and businesses.
GDPR aims to give citizens an increased level of control over personal data and simplify the regulatory setting for international business by uniting the regulation within the EU. For companies operating in the EU, this means adhering to several new, stringent guidelines regarding data protection.
It sounds arduous to say the least and, as a consequence, many SMEs have not yet made the time to start preparing. For the most part, this is due to anticipated confusion over the new regulations and a general lack of time required to implement them.
However, companies who do ignore the new rules are now in danger of receiving severe fines and penalties from the ICO. In other words, regardless of opinion, GDPR will be a fundamental element of all business operations moving forward.
For SAP consultancy, Absoft – a firm which processes and controls a significant amount of data, it has been critical to practise what it preaches to its clients: Absoft’s GDPR adherence process started many months ago.
Keith Davidson, integrated services director at Absoft, explains: “The most important thing is to accept that adherence to the rules is a must and it’s crucial to research the ways in which it will affect your operations.
“Data protection has always been central to Absoft, but GDPR has really solidified this ethos. We operate ISO 27001, which is a great starting point on the way to becoming compliant, but we also implemented further changes at the start of 2018.
“Despite it being a huge task, we have already seen benefits: we’ve freed up a considerable amount of physical and virtual space and streamlined documentation for all staff.
“Additionally, our marketing strategy will benefit from the data cleanse. For example, sending industry and service updates to current clients will only reach people who are genuinely interested and want to be reached – which is what counts. Moreover, we are also helping our clients on their own journey on how to prepare for GDPR and utilise their existing system and tools – SAP, for example.”
For those businesses struggling to find a starting point, Keith recommends the following steps:
• Research the legislation (GDPR courses are taking place in many cities and online, and are recommended as a starting point) and how it will affect the various departments within your business
• Create an action plan and prioritise tasks accordingly: audit records to find out what data you possess, where it is stored and how it is used
• Remove information that is no longer required and refresh the contents of remaining data to ensure accuracy
• Host team awareness sessions with each department to explain the legislation and how it can be used to improve practices
• Designate GDPR champions to answer questions and ensure tasks are being carried out accordingly
• Decide how best to document moving forward and amend company policies regarding privacy, retention, and disposal and access requests
• Use a retention plan to maintain compliance and arrange regular audits