What role does automation play in GDPR compliance?


By Larry Augustin, CEO at SugarCRM

It’s been a couple of months since GDPR came into force and businesses are starting to realise the impact of the new regulations. According to reports, the first month of GDPR saw a sharp increase in the number of complaints to regulators across Europe and people are now starting to think a little more about how a business might be using their personal data.


Businesses need to be ready to deliver on requests from the public on their right to access and erase data and will need to ensure processes are in place to tackle these incoming queries. But just what effect has GDPR already had, what will the future look like and what role will automation play in helping companies deal with incoming requests?


Corporate victims

Several big businesses have already been affected by the regulations. Retailer Fortnum & Mason has already had to admit the loss of around 23,000 customer records – which included emails, telephone numbers and delivery addresses of customers who filled out a survey. Travelodge was also forced to announce that 180,000 personal details of its clients were taken, including date of birth, passport numbers and billing information.


Both companies have had to contact each person whose data has been lost, as the new regulations require disclosure within 72 hours of a breach.


Overwhelmed by Requests

Although there are many aspects to GDPR, one side effect is that it encourages people to think about what personal data a company might keep about them. It also requires companies to respond to certain requests from people. For example:


What kind of personal information do you have about me?

How specifically is this information being used?

Provide me a copy of all the data you have on me

Forget me

Some of these requests are hard. Think about what it means for your business to forget someone.  Consider for a moment your people and systems. Most systems are designed to not forget things.  Do you have backups? Forgetting means forgetting everywhere. Can you even find all the places where you have data on a person?

Imagine your business inundated with requests from the public demanding the right to access and erase data. If you fail to respond in a timely way, you run the risk of hefty fines. You will need to put in place processes to tackle incoming queries, and ensure timely follow-up and resolution. You need a system to manage requests and make sure they don’t go unanswered. Response is not just a matter of customer satisfaction. It’s the law.


The role automation plays

Technology can play a big part in helping businesses to navigate the GDPR journey. Using an automated system to capture all data requests helps companies manage the influx of customer queries, and means inbound requests can be constantly monitored. Ongoing compliance with GDPR needs to become part of the daily operation of the business.


Automation also helps companies efficiently retrieve information requested by customers, especially if they hold multiple forms of data on the customer. For example, businesses that receive requests to erase customer data will need technology to ensure the masses of information they have on each individual can all be found and erased.  Any missed data could lead to gaps in compliance and fines.


The need for human intervention

In the midst of GDPR compliance, you also need to run your business. People may want to be forgotten, but a business also needs to maintain accounting records, tax information, and other legal data on its customers. GDPR allows for this.  But technology by itself cannot be relied upon to determine which data can be erased, and which data you are otherwise required to keep.


Technology can only go so far with capturing and filtering queries; the system then needs help to decide the right action. Enter a human. The Data Privacy Officer steps in and makes a judgement call as to which information a business must keep, and what can be erased.

Humans and technology must work together to ensure compliance with the new regulations. Automating some of the processes will better equip your business to respond efficiently and effectively to customer data requests.


GDPR as an opportunity

In the era of the Internet and instant global visibility, businesses depend even more on delivering a great customer experience. Take advantage of the need to comply with GDPR to understand your customer journey, what information you need to maintain about customers, and your overall customer experience. The more information you know about the customer, the more you can tailor a personalised experience to them. You need customer data to personalise the experience, and GDPR lets you maintain that data. If you’ve been collecting information in the hope of elevating the customer experience, now is your chance. Put that data to good use now. Otherwise you need to stop collecting and erase that data. Use GDPR as an opportunity to finally finish that customer journey or personalisation project that you’ve had on hold.


No more excuses or delays! Businesses need to automate their GDPR processes.  As GDPR becomes better understood, the potential for more automation grows.  But for the foreseeable future humans need to make key judgement decisions. Ultimately, GDPR is a great opportunity to galvanise your business and automate some of your existing processes.  Use it to help employees become more efficient and keep the business aligned with the new regulations, whilst also strengthening client trust and relationships.
