Ensure business value while being GDPR compliant
How to ensure business value while being GDPR compliant? With the General Data Protection Regulation (GDPR) coming into force in the European Union (EU) on May 25th 2018, so-called Shadow IT could pose a serious risk to your business when it comes to privacy and security. Not to worry, WEM has got you covered!
Sharing files via Wetransfer, saving business information in Dropbox or handing out unsecured spreadsheets on a USB stick. These are just a few Shadow IT examples many companies (unknowingly) deal with. Read on to find out how you can ensure business value while being GDPR compliant by developing apps on our no-code development platform.
The GDPR and shadow IT
In short, the GDPR presents a clear set of rules and guidelines for companies to maintain safe, secure and compliant processing capabilities of personal information. Shadow IT concerns all resources – from devices, software to services – that have not been approved by or are not in control of your company’s centralized IT department. “Approximately 12% of employees in Europe engage in self-service data preparation using various spreadsheet software” (IDC Survey commissioned by Alteryx, Nov. 2017). Wondering why? Often these are free and easily accessible applications that employees love.
“Business units deal with the reality of the enterprise and will engage with any tool that helps them do the job. Companies should find a way to track Shadow IT, and create a culture of acceptance and protection versus detection and punishment” Gartner (2017)
The crux of the matter: Saving or sending data via uncontrolled solutions, categorized under the umbrella of Shadow IT, often involves the processing of personal data and thus falls under the scope of the GDPR. Hence, free low-threshold tools are easy, but your business might end up paying the price for this. The key question: How to unlock business value while being GDPR compliant?
Records of Processing Activities
Let’s take a closer look at GDPR Article 30: “Records of processing activities”. If your employees use foreign apps, your records of processing activities is in any case incomplete. After all, you can’t control the unknown. As previously explained by WEM CEO Rob Schilperoort in his blog on GDPR, as part of our customer portal our partners or customers can directly record their representatives for GDPR purposes, including their data protection and security officers. In addition, WEM will not transfer customer data to a third country or international organization unless specifically reported as part of the service agreements.
Security of Processing
Following, the thorny issue of security. GDPR Article 32 reads: “Security of processing”. Companies have a legal obligation to take technical and organizational measures to ensure a “security level appropriate to the risk posed”. It’s a pretty difficult task to secure something that you do not know exist, right?
The WEM environment is covered by several layers of both technical and organizational measures to ensure security, safety, confidentiality and continuity of data. From continuous duplication to periodic backups. Overall implementation is reviewed to ensure continued compliance with state of the art security practices.
Maximizing business value
With the implementation just around the corner, organizations should map employees’ actual use of IT resources, to critically assess these against the GDPR principles. The role of any business is to find a way to minimize risk, while optimizing progress, both internally as well as for customers. “And, let’s be honest, if we, within a company, don’t provide a controlled platform for our end-users, say employees, to use, they’ll find their own way,” Schilperoort explains. “With WEM, end-users get data-access and flexibility they desire, while you can ensure the continuity or your business and the privacy and security of your data”.
Curious how you can ensure business value while being GDPR compliant? Get in touch with our distributors.