Data Protection is Just the Tip of the Iceberg
Part 1 of a 5 part series on GDPR
In the digital race to win new customers and keep existing customers, businesses, for the better part of the last two decades, have ignored customers’ individual privacy rights. Just as in the early beginnings of corporate social responsibility, companies that discounted the looming requirements and crises posed by global expansion not only paid huge fines, but also suffered significant losses in brand value and profits. Today most companies are tackling GDPR in response to the risks associated with the fines and loss of customer trust and loyalty. For example, recently Facebook lost more than $100B in its market cap in a single day – the biggest loss in the history of any company in a single day – in part because of the #deletefacebook movement that emerged related to the use of Facebook customer data by Cambridge Analytica.
Companies that see the other side of the coin are investing in new platforms that manage customer information in a unified system across the enterprise. This information ranges from the very basic personal data (name, phone, email, street address) to more advanced behavioral patterns and analytics brought together from internal as well as alternative third-party data sources. Post-GDPR, the new wave of innovations are taking a much broader view of personal information that incorporates not only the policy and governance elements, but also gives the control back to the customer as the rightful owner of their own information. In essence, companies need to come up with ways to enable customers to manage their own information within their enterprise systems. Those that do this successfully will fare extremely well with their customers, employees, partners, and regulatory agencies.
Start with the business processes
Understanding how personal data flows through your business processes and applications is a good first step. While most companies have business process models as part of their enterprise architecture, they may not be able to track how personal data actually flows through processes and applications. With a clear picture of whether processes are running as designed, as well as where and when processing takes place, you can truly understand what business processes are using personal data and If those processes include third-party entities.
In almost every type of business process, unstructured information is also created, required, or exchanged. And while the creator or recipient of that content will likely understand its full context, and thus its importance, only too soon that memory fades, and the content is effectively lost to the organization. Even if an individual recollects the content’s existence and location, there is no connection maintained between the content itself and the context of the business process that made it relevant in the first place.
Further complicating matters, stakeholders – increasingly spread across various global locations – often collaborate using multiple environments or applications, making complete visibility nearly impossible. What’s more, because the majority of team communication occurs through email, a lot of project-relevant content and key audit-trail information is lost or invisible through normal productivity tools. The applications that organizations use for enterprise resource planning, customer relationship management, and supply chain management furnish critical structured, transactional information, such as addresses, customer numbers, and order numbers. Integrating this information with unstructured content requires tools for document and records management, collaboration, archiving, scanning, and information retrieval (i.e., enterprise content management applications) that interconnect with the software supporting core business processes.
Companies that must improve how they manage content across the enterprise — that is to say, most
companies — often look to point solutions for quick fixes to whatever content problem currently seems the most pressing. But these point solutions often provide only weak records management and archiving capabilities, modest Web content management capabilities, and limited imaging capabilities.
For the unprecedented personal data protection requirements of the GDPR, this is a game changer – especially for executing and documenting deletion requests for an individual’s entire data footprint. That’s because traditional information management solutions often have deletion policies that run on different schedules and fail to link the structed data in enterprise systems with its related unstructured content scattered across other data sources. The result is that related structured and unstructured content are “orphaned” as some records are deleted while the others remain intact, leaving you open to GDPR-related violations.
By tying together personal data and unstructured content, your organization gains control over the burgeoning content from within the business processes across the enterprise.
At SAPPHIRENOW, Dr. Marcel Hoffman from OpenText sat down with SAP Market Influencer Eric Kavanagh to discuss the role of enterprise content management in GDPR compliance as well as in digital transformation.
Watch the Interview with OpenText
To see the first of the 5-part discussion, watch the video.
Learn more about enterprise content management.