Member Article

How can automation help businesses get their ‘house in order’ post-GDPR?

It has been almost four months since the new GDPR laws kicked in and businesses are beginning to sense the consequences. In fact, European regulators are already reporting an increase in the number of complaints they have received regarding data protection.

In the UK, the Information Commissioner’s Office (ICO) has seen a rise in breach notifications from organisations, as well as more data protection complaints. In France, the data protection regulator, CNIL, reported a 50 per cent increase in the number of complaints and in Austria, more than 100 complaints have been filed in the last month, along with 59 breach notifications – the same number that would typically be received in eight months.

This demonstrates how the public interest in data use and storage is growing post-GDPR and also following the furore surrounding Facebook and Cambridge Analytica’s misuse of data.

Some consumers are filling in data forms requesting a change in how their data is held or even asking for it to be completely erased. Against this backdrop, what role can automation play in helping firms deal with the barrage of incoming requests?

The new normal

GDPR encourages people to think about their personal data and empowers them to ask questions about how it is being used. Some of these requests have already proven difficult to implement. For example, working out what it means for a business to forget someone is not straight-forward. Consider for a moment the processes and technology most businesses have in place including back up systems – by definition they are designed to not forget things. Forgetting means forgetting everywhere even in long-lost archives. How do companies even begin to know all the places where they have data on a person?

Going forward, businesses will be continually processing requests from the public demanding the right to access and erase data. If they fail to respond in a timely way, they run the risk of hefty fines. Companies need robust processes in place to tackle incoming queries and ensure timely follow-up and resolution. Response is not just a matter of customer satisfaction. It’s now the law.

How can automation help?

Technology can play a big part in helping businesses navigate the GDPR journey. Having an automated system in place to capture data requests supports companies as they manage the influx of customer queries and means inbound requests can be constantly monitored.

It is vital that compliance with GDPR becomes ingrained in the day-to-day life of all companies and automation can bring some order to this. It can help companies retrieve information requested by customers, especially if they hold multiple forms of data on them. For example, businesses that receive requests to erase customer data will need technology to ensure the masses of information they have on each individual can all be found and erased.

The human touch

While people may want to protect their privacy, businesses still need to maintain accounting records, tax information, and other legal data on its customers. Thankfully GDPR allows for this and this is where the art or nuance sets in. It is also when the limitations of technology are felt.

Technology cannot be programmed to determine which data can be erased and which data can be kept. An automated system is excellent at capturing and filtering queries but it needs help to decide the right action. Enter the human Data Privacy Officer who can make a judgement call as to which information a business must keep, and what can be erased. This is a key area in which automation can assist humans but not replace them.

Using data to improve customer experience

There are many silver linings to GDPR – as firms collect and cleanse their data, there is huge opportunity to understand the customer journey better. The more information that a company knows about its customer, the more it can create a personalised experience for them and GDPR lets you maintain that data. Now is the time to put the information you’ve been collecting to good use to elevate the customer experience. Otherwise you need to stop collecting it and erase it.

GDPR is a good prompt to encourage companies to automate, cleanse and centralise their business processes and data handling. As GDPR becomes better understood, the potential for more automation grows. It is a key tool for living in a post-GDPR world and can transform a business into a lean operation that not only complies with GDPR but also has strong and vibrant client relationships, built on trust and mutual understanding.

This was posted in Bdaily's Members' News section by Larry Augustin, CEO at SugarCRM .