The EU’s General Data Protection Regulation comes into effect May 25 — just 10 weeks from now. This massive directive strengthens data protection for individuals, but with far-reaching implications for businesses.
WorkFusion provides a uniquely powerful platform to help businesses comply. Through a combination of robotic processing automation (RPA) and machine learning, our Software Processing Automation innovations can help businesses handle a much larger volume of data requests, often at a higher accuracy rate. Our unique human-in-the-loop features also make it easy to process exceptions and provide legal authorizations.
But first, let’s consider the threefold purpose of the GDPR directive. Firstly, it harmonizes regulation throughout the EU so there is a single regime for data protection, replacing multiple national frameworks. Secondly, it extends the scope of EU data protection to all companies doing business with EU residents — even businesses outside Europe have to comply. Finally, it puts stricter controls on personal data, giving EU citizens “digital rights.”
Complying with GDPR includes:
- Transparency: Customer rights should be clear.
- Communication: Guidance should be provided when collecting personal data.
- Consent: Customers should give consent freely in a specific, informed and unambiguous manner.
- Revocation of consent: It should be as easy to revoke consent as it was to give, at any time.
- Access: Customers have the right to request their data, and it should be provided within a month.
- Portability: Customers can request their data be transferred to another organization, and it must be done without hindrance and in a structured common format.
- Cleansing: Personal data must be stored no longer than necessary.
- Erasure: Customers can request to have their data erased.
- Updates: Customers can request to have their data corrected or changed.
- Unstructured data: Even unstructured customer data is considered within scope of GDPR.
Most businesses are poorly prepared. Only 38 percent of firms in the UK say they are aware of GDPR. Of those who are aware, only a quarter think they’re ready. A failure to comply can result in substantial fines of up to 4 percent of a firm’s total global revenues.
Changing company policies represents part of the solution to GDPR, along with new methods as to how data is ingested and stored. However, the burden of compliance will soon become much higher. Business will need to process a huge volume of requests — accessing, updating and erasing data, for examples.
For the majority of firms, this will require manual processing using countless systems and databases. This will be pure drudgery: thankless, repetitive, manual work that is unfulfilling for staff. The burden is particularly severe for customer-facing businesses and those with multiple systems, such as banks, insurers, utilities, telcos and retailers. We’re working with one of Europe’s leading retailers, and this company has more than 300 applications containing customer data. In addition, there are complex legal nuances; rights are not absolute and handling some data may require legal guidance.
WorkFusion’s Smart Process Automation (SPA) software is uniquely powerful in helping businesses overcome this challenge.
Using WorkFusion, a company can quickly create automated processes which will handle customer data with a maximum degree of ease and efficiency. Using machine learning, this software is able to identify different types of customer data requests (e.g., access, update, erase), automatically triggering necessary next steps. Special cases and exceptions are seamlessly transferred to a person for review, so the software learns from this experience, becoming smarter with each request.
After requests have been identified and triggered, WorkFusion can also help automate processing across different applications and databases of the business. A range of capabilities can be used to speed up implementation — including APIs, an RPA Recorder (no-code RPA for ops people), WorkFusion Studio (RPA for developers), and AutoML (AI without the need for a data scientist).
All business applications are within scope, from those living in the cloud to old mainframes or systems only accessed through Citrix. Finally, as an AI-first RPA vendor, WorkFusion is able to process unstructured data sources. Our competitors force businesses to rely only on complex multi-vendor bolt-ons, or on a long path roadmap that won’t be ready until years after GDPR comes into effect.
WorkFusion can be installed tomorrow, with AI-powered automation implemented in weeks — not months or years.
If you have any questions about how SPA can help you meet GDPR requirements, please get in touch.