Why GDPR Is A Helpful Catalyst For The Postmodern CIO

Christine Ashton

Part 7 and final blog in the “Postmodern CIO” series

The EU’s new General Data Protection Regulation (GDPR) is a catastrophe for old, immobile enterprises. By May 25, 2018, many large businesses will have endured a rocky path to compliance and managing breaches, at considerable cost. Some may well have seen a negative impact on their brands from data issues.

GDPR is a challenge, but it is also an opportunity. For the postmodern CIO – at ease with the tools the digital revolution has provided – this is a chance to show how cloud computing can be leveraged to transform business in a way that mitigates corporate risk.

Why companies are worried about GDPR

The 1995 EU data protection directive laid out a strong framework, but failed to properly imagine the complexity of modern IT infrastructures.

Established organizations often have a mishmash of technologies handling client data. Older companies, especially financial institutions, often still use systems that date back to the ’80s and ’90s, running on obsolete platforms. The architects of some of these platforms never considered the need to delete data, let alone implement such a feature.

Meanwhile, the majority of companies now use cloud services in some way, but not always in a business process–optimized way. The average European enterprise uses an astonishing 608 cloud services, including Dropbox, Google Docs, and OneDrive. Most of these are shadow IT systems – not supported or sanctioned by the IT department and therefore prone to misuse. Identity data can leak into these cloud services’ databases with surprising ease. Personal data regularly pops up as text fields – unstructured data.

This IT landscape makes it impossible to guarantee the safety of client data and to give individuals the right to decide how their data is used, which is the purpose of data protection legislation. GDPR seeks to redress the balance by imposing punitive fines on companies that don’t simplify and unify client data storage and understand identity data lifecycles. So the more fragmented a company’s systems are, the more work they will have to put in to comply with the request to “delete everything you hold on me, please.”

How this benefits postmodern CIOs

Postmodern CIOs have moved from operating IT to owning ecosystems. They focus less on managing teams and more on growing talent. Delivering innovation trumps merely keeping the lights on. For postmodern CIOs looking to pivot to the cloud, this is an excellent time to launch a revolution within their organizations.

There are four main arguments that CIOs can make to their C-suite colleagues relative to GDPR:

1. GDPR compliance can be built into the IT landscape and scaled.

One of the most persuasive arguments against on-premise systems is the cost of installation and maintenance. The cost of compliance is something else to consider, especially as the move towards GDPR compliance may be so painful. Companies such as SAP provide facilities for structuring data and defining access to it, as well as reporting on compliance with those rules. These capabilities help in reducing the overhead of meeting compliance, as well as the spend on identifying anomalies and quantifying compliance on an ongoing basis.

For some organizations, GDPR has resulted in decisions such as the removal of an entire CRM facility because of the inability to control access to customers’ data. So for many organizations, GDPR also represents an opportunity to reconsider their IT landscape. Wholesale relocation of core capabilities to the cloud is an even more reasonable consideration.

2. The quality of data will improve.

One of the problems arising from GDPR is that companies store huge amounts of superfluous customer data, including operational data that could be used to reconstruct individuals’ identities. GDPR will force companies to store only essential data, which means that some organizations will need to perform huge data-cleansing operations. Some organizations will need to reconsider their approach to marketing. But this is a chance to create new data models based on what you actually need to know about your clients, what they’ve consented to, and how they want to be interacted with. It’s also a chance to migrate to a cloud system that has the capability to support and reinforce GDPR, and can immediately adapt to the new demands GDPR will place on it.

3. Analytics will improve.

When you have meaningful customer data, it’s much easier to perform analytics and generate insights that can help steer other departments, such as finance and marketing. Of course, to do this cost-effectively and at scale, you need to migrate this workload to the cloud. You will need major computing power to perform detailed, real-time analytics, with increasing demand as more of your colleagues take advantage of it. The postmodern CIO needs to make clear the connection between Big Data and the cloud and outline the benefits to other departments.

4. People are going to use cloud services anyway.

Security fears are the main barriers to cloud adoption. The argument is that no cloud system can ever be as secure as a sealed, secure, on-premise network. This is true; but no network is ever sealed these days. People want to work remotely and expect to be able to share with external parties. Third parties want to transact with you, and in some cases manage your inventory. Customers want to buy your products wherever they are in the world, and in a currency that suits them. If this is not supported by official IT systems, your business will turn to shadow IT systems, such as personal cloud accounts or copying data onto USB drives. In the long run, cloud systems are more secure than on-premise systems, because they support the need of employees to work remotely or to use their own devices. And they provide consistent, scalable means to manage your security, identity, and other needs. For example, SAP manages 137 million cloud service users worldwide.

GDPR is legislation with an eye to the future. It imagines a well-managed, connected, data-driven world, similar to that envisaged by most CIOs. This is a chance to change how your company thinks about data and the cloud and start moving towards the future. Don’t let it pass you by.

For more on this topic, see 5 Ways To Keep Your BI Team On The Right Side Of GDPR.



About Christine Ashton

Christine is global chief digital officer, Digital Office ERP Cloud at SAP. Her focus is to work with CxOs to reimagine strategy and business practices. She works with senior executives to plan their “AI-first” digital transformation road map enabled by intelligent ERP and public cloud. Notably, Christine is recognized in Computer Weekly's 2017 Most Influential Women In IT - Top 100 list.