GDPR: Point Solution Or Enterprise Solution?

Neil Patrick

In one of my previous blogs on the EU General Data Protection Regulation (GDPR), I examined the complexity of GDPR and noted that it was complicated enough without having to manage incremental point solutions to sticky tape over pain points as they become evident. Then recently, I read a 19-page summary of niche GDPR solutions that are currently available. Although each of these solutions is valuable for some very specific needs, I still see some drawbacks.

Here’s the problem: These solutions pick niche areas to solve, and they don’t talk to each other. This approach introduces a major area of exposure with regard to GDPR compliance, because the regulation’s impact is incredibly large, intrusive, cross-business, and inter-business. Companies cannot just pick the top two of the most important GDPR aspects and be done with it. More is needed for GDPR; therefore, more pieces of sticky tape are needed. Because different vendors supply these solutions, the software supply chain proliferates again, instead of heading in the direction of reduced total cost of ownership or simplified supplier relationships.

A recent GDPR event speaker, on behalf of a GDPR regulator, stressed the need for evidence of accountability, governance, and sustainable processes within GDPR compliance. Of course, in theory, this can be achieved with Excel spreadsheets, niche solutions, and emails. However, as an ongoing business-as-usual procedure for GDPR compliance, this approach quickly becomes unwieldy, unmanageable, very time-intensive, inaccurate, and ultimately ineffective. I would not want to tell a regulator who is auditing me for GDPR compliance, or during a data-breach event, that this was my master plan.

[Figure: core business areas impacted]

A strategic, repeatable approach opens an opportunity to optimise processes and reduce internal costs – leading to enterprise business resilience and process improvement as well as enterprise GDPR compliance. Adopting enterprise-ready, proven technologies for GDPR compliance will also allow you to meet a substantial number of other regulatory or policy compliance needs with the same level of investment.

Experienced services and partners, plus legal advice, are required to guide a program towards GDPR compliance. For this reason, companies need to buy into GDPR for the long haul. The eye-watering magnitude of the potential fines springing from a very broad definition of a data breach suggests that this requires serious attention and an embedded enterprise answer.

Personally, I do not foresee a single monolithic solution covering everything for GDPR compliance. Why? It does not make sense in the modern complex IT landscape. However, it is achievable to implement a relatively small solution set that provides a pragmatic end-to-end answer for GDPR compliance.

Get the latest information on GDPR compliance. Attend the live stream session “Get Ready for EU GDPR Compliance,” one of many events taking place at the SAP Innovation Forum, hosted by SAP UKI, on March 1, 2017. Neil Patrick, EMEA Center of Excellence Business Development and Evangelist at SAP, will provide insight on what businesses should consider when complying with GDPR requirements.

About Neil Patrick

Dr. Neil Patrick is a Director of SAP Centre of Excellence for GRC & Security covering EMEA. He has over 12 years’ experience in Governance, Risk Management and Compliance (GRC) & Security fields. During this time he has been a managing consultant, run professional services delivery teams in the UK and USA, conducted customer business requirements sessions around the world, and sales and business development initiatives. Neil has presented core GRC and Security thought leadership sessions in strategic customer-facing engagements, conferences and briefing sessions.