The new European Data Protection Regulations – A chance for companies

May 25th, 2018 – this date has been hanging above companies like a sword of Damocles. Data protection officers have been flitting nervously from one department to the other, trying within the few remaining weeks to make their companies compliant with the new data protection laws. In the meantime, even those employees that are less interested in data protection have learned the news – the effective date of a Europe-wide law, which is going to have a massive effect on all IT processes.

But why the rush, when the resolution has already been known for two years? Simple – it’s that last-minute-policy of companies who have been – consciously or unconsciously – pushing the topic aside; who have been relying on being ignored so far, because the implementation of these new regulations is a not all-too-insignificant cost factor for companies. This method is not going to work out anymore, however, now that GDPR is being widely talked about – across all media. One of the reasons – just as it occurs with all other topics – are economic factors, which bring an explosive nature into the subject. Because in the event of non-compliance with the rules, companies need to pay either 4% of their worldwide annual sales or a fine of 20 million – dimensions of a certainly alarming magnitude!

Intelligent solutions instead of operative hustle

But instead of falling into blind actionism, it is necessary to thoroughly schedule the remaining time. Because essentially, the GDPR “only” deals with the processing of personal data. While that doesn’t sound grave at all, if you scratch at the surface, the many places within the enormous and ramified network of the enterprise IT where those data can be found become apparent. There are two possibilities to implement these requirements lawfully. Either going on a tedious search to find the numerous places in the extensive digital business world by yourself, in order to realize the changes individually. Or transferring the task to an expert. In doing so, specific requirements need to be met: a profound understanding of the laws as well as of the application areas, paired with a solid knowhow of all business process and data structures. The approach of external specialists is usually oriented towards the classical way of handling the matter: analysis – conception – implementation. This method presents nothing new either, given that the focus of the procedure is on the analysis – because the more detailed and systematically the systems are inspected, the faster and, therefore, more efficiently the implementation can follow.

Optimization of processes

Another advantage of an extensive analysis poses the identification of weak spots, unnecessary processes and data, redundant operations, and many other aspects that affect IT environments. In order to create pragmatic and valid concepts for a company, a systematic intelligence is needed, which identifies both the legal specifications as well as the process structures within the business. This methodology is also mirrored in the implementation of practice-oriented solutions with minimal effort.

This great chance for the company comes with the introduction of the GDPR. Because based on the detailed and particularly systematic observation, processes can be optimized, data can be minimized and the transparency can be increased. With this procedure, companies can change their longstanding ignoring of the GDPR into a unique benefit: making the entire IT environment legally compliant, valid, slim and clean – within only a short amount of time.

Author: Sabine Rudolf
Figure source: © ipopba /