Part 1 of the “GDPR as Catalyst” series
In the digital race to win new customers and keep existing ones, for the better part of the last two decades businesses have ignored customers’ individual privacy rights. Just as in the early days of corporate social responsibility, companies that discounted the looming requirements and crises posed by global expansion not only paid huge fines but also suffered significant losses in brand value and profits.
Today, most companies are tackling GDPR in response to the risks associated with the fines and loss of customer trust and loyalty. For example, recently Facebook lost US$100 billion in its market cap – the biggest loss in history by any company in a single day, in part resulting from the #deletefacebook movement that emerged from the use of Facebook customer data by Cambridge Analytica.
Companies that see the other side of the coin are investing in new platforms that manage customer information in a unified system across the enterprise. This information ranges from basic personal data (name, phone, email, street address) to more advanced behavioral patterns and analytics brought together from internal and alternative third-party data sources.
Post-GDPR, the new wave of innovations is taking a much broader view of personal information that incorporates not only policy and governance elements but also gives control back to the customer as the rightful owner of their own information. In essence, companies need to come up with ways to enable customers to manage their own information within their enterprise systems. Those that do this successfully will fare extremely well with their customers, employees, partners, and regulatory agencies.
Start with the business processes
Understanding how personal data flows through your business processes and applications is a good first step. While most companies have business process models as part of their enterprise architecture, they may not be able to track how personal data flows through processes and applications. With a clear picture of whether processes are running as designed, as well as where and when processing takes place, you can truly understand what business processes are using personal data and If those processes include third-party entities.
In almost every type of business process, unstructured information is created, required, or exchanged. And while the creator or recipient of that content will likely understand its full context and thus its importance, only too soon that memory fades, and the content is effectively lost to the organization. Even if an individual recollects the content’s existence and location, no connection is maintained between the content itself and the context of the business process that made it relevant in the first place.
Further complicating matters, stakeholders – increasingly spread across various global locations – often collaborate using multiple environments or applications, making complete visibility nearly impossible. What’s more, because the majority of team communication occurs through email, a lot of project-relevant content and key audit-trail information is lost or invisible through normal productivity tools.
The applications that organizations use for enterprise resource planning, customer relationship management, and supply chain management furnish critical structured, transactional information, such as addresses, customer numbers, and order numbers. Integrating this information with unstructured content requires tools for document and records management, collaboration, archiving, scanning, and information retrieval (i.e., enterprise content management applications) that interconnect with the software supporting core business processes.
Companies that must improve how they manage content across the enterprise — that is to say, most companies — often look to point solutions for quick fixes to whatever content problem currently seems the most pressing. But these point solutions often provide only weak records management and archiving capabilities, modest Web content management capabilities, and limited imaging capabilities.
For the unprecedented personal data protection requirements of the GDPR, this is a game changer – especially for executing and documenting deletion requests for an individual’s entire data footprint. That’s because traditional information management solutions often have deletion policies that run on different schedules and fail to link the structured data in enterprise systems with its related unstructured content scattered across other data sources. The result is that related structured and unstructured content are “orphaned” as some records are deleted while the others remain intact, leaving you open to GDPR-related violations.
By tying together personal data and unstructured content, your organization gains control over the burgeoning content from within the business processes across the enterprise.
Watch the interview with OpenText
At SAPPHIRE NOW, Dr. Marcel Hoffman from OpenText sat down with SAP Market Influencer Eric Kavanaugh to discuss the role of enterprise content management in GDPR compliance as well as in digital transformation. To see the first of the five-part discussion, watch the video.
Learn more about enterprise content management.