MINING THE GOLD

The path to implementing and integrating permanent compliance with GDPR the right way is simple, but not easy. One of the best ways to maintain an overview is to treat it as a continual annual analysis tailored to the company and its future goals.

Continual

The integration must be continual, which means there must always be an eye on the prize, in this case compliance. This requires tailored processes, built-in education and integration, awareness and system checks. A dynamic approach will ensure that compliance continues and processes adapt, even if the rules change, the company changes, new hires come in, new products launch, or new software is implemented.

Annual analysis

GDPR demands an ability to document your compliance at any moment. A good way to ensure this is to set up compliance in a way that lives up to annual analysis. An annual analysis has key questions that must be answered, which means they must be identified, measured and documented throughout the year. When they are not, the gaps in compliance are clear.

Tailored to the company

The path to integration must be tailored to the company’s existing processes and goals. This will help make the transition as smooth and cost-efficient as possible, ensure that it works with existing resources, and that it reaches all necessary areas of the company.

And its future goals

Finally, the company’s strategy and future goals must be taken into account when working out a path to compliance. There is gold to be found in this process. Not doing so is a lost opportunity.

In conclusion, the most cost-efficient, sustainable and beneficial solution is an evolution tailored to the existing processes and the future goals of the current business. This exercise will not just have a positive impact on general IT capabilities, but also on operational productivity and cost.
For utility companies not already in the habit of analyzing and documenting to this extent, getting the right support to identify and establish the best path to compliance is often necessary. Regardless of how utility companies move forward, the key to turning challenge into opportunity is to view GDPR as a window to improve not only a company’s data governance but the efficiency of the entire organization.
The fact is that for most companies within the utility sector, GDPR compliance requires a level of change that spans the entire organization, from policy to technology, procedure, process, management, and culture. It demands that the message reaches and settles within the entire organization, including in the daily awareness, habits, and routines of employees. It is easy to see why the journey to become compliant is highly complex, and how it can be a difficult priority for a company whose core competencies lie elsewhere.

THE GOOD NEWS FOR UTILITY COMPANIES

The good news is that the level of self-examination required to become compliant is a highly valuable opportunity to optimize efficiency, productivity and data management across the organization. Our experience with utility companies has made it clear that any time spent mapping, identifying and integrating the best path to compliance can bring significant benefits across the wider organization. The key is to map these changes from a perspective that brings the company’s long-term strategy, daily operation and goals into the equation.

This was also the finding of companies in the Deloitte survey, of which 61% said they expected to see benefits beyond compliance, and 21% expected to see significant benefits, such as competitive advantage, improved reputation and business enablement. Based on the research, the report stated: “The key here is intelligent implementation, capitalising on the need for change and transformation to make a compliance requirement a real business enabler. Organisations should focus their efforts not just on what needs to be done, but on how it can best deliver real long-term benefit.”

We could not agree more. These changes have to happen, and done intelligently, with a focus on long-term business development and benefit, there is real value to be gained in the process.

OUT OF TIME?
The penalties associated with non-compliance are significant, reaching up to 20 million euro or 4% of a company’s worldwide annual revenue. While there has been concern expressed about this, it is still too soon to say how they will be enforced. However, with many, if not most, companies unlikely to be fully compliant at this point, and considering the extensive changes required of each individual organisation, it is difficult to imagine harsh enforcements being enacted immediately. While companies should be ambitiously pursuing compliance at this point, it is far too valuable a process to do wrong, and far too expensive a process not to do right.
For further information please contact:
Pernexus Systems Att.: Serena Isolan Herlufsholmvej 37 DK-2720 Vanløse
Phone: +45 3325 1666 sis@pernexus.dk
www.dbdh.dk
ANNIVERSARY ISSUE 2018