By Christian Almskou, GDPR Consultant, Pernexus Systems, Per Samuelsen, GDPR Consultant, Pernexus Systems, Serena Isolan, Business Development Manager, Pernexus Systems
While Facebook and Cambridge Analytica have brought a world of attention to the concern over personal data, companies across Europe have spent the past two years in a race to comply with new and stricter EU legislation on the protection and handling of such data. There is no doubt that General Data Protection Regulation (GDPR) remains a tremendous challenge for utility companies across Europe. A European-wide benchmark survey, done prior to the deadline by the company Deloitte, found that only 15% of companies expected to be in compliance with the rules by the deadline. The greatest challenges they stated were a lack of time, a lack of clarity in what was demanded, and the degree of difficulty in complying with the demands. However, as we move past the deadline towards continual integration, it is important not to overlook this process as a unique opportunity for valuable long-term business development.
THE CHALLENGE FOR UTILITY COMPANIES
To utility companies, the handling of personal data has always been an integral part of the daily operation and administration. In fact, data is one of the most valuable assets to the company, as well as to their client, and in the current environment of heightened privacy concerns – increasingly so. Protecting and respecting data is key to any company’s continued and future success. The challenge is in the increased complexity of the new GDPR rules, which mean that compliance often requires a comprehensive update or shift in existing processes, documentation, controls and the handling of data. This is not a one-time fix. It requires continual and dynamic attention to ongoing competencies and processes. Under this new legislation, the handling of personal data must be an integrated and agile process that is continually maintained and adjusted. To most utility companies, this presents a massive challenge. While most have handled data lawfully and responsibly in the past, this demands an entirely different approach to documentation and processing of personal data - which in turn demands an entirely new level of competencies, management and resources that has not been necessary in the past. According to the previously mentioned Deloitte study, companies reported that the most difficult elements of compliance were rules surrounding the right to erase, developing and maintaining a personal data register, the accountability principle, data portability, maintaining a record of processing, and rules of consent.
How to approach this process to the greatest benefit for utility companies will be the focus of this article.
ABOUT GDPR
That companies struggle with compliance is not surprising: the General Data Protection Regulation has been described as one of the most disruptive changes for EU businesses in recent history. It was approved by the EU Parliament in April 2016, with an enforcement date of May 25, 2018, giving companies a two-year transitional period in which to become compliant. The law aims to bring all EU member states under one umbrella by enforcing a single data protection law, with the purpose of strengthening the privacy rights of European citizens, and to reshape the way organizations across the region approach data privacy. It applies to all companies that handle personal data, dictating how they use, collect and store data, and requiring them to demonstrate compliance at any time.