So, you’ve been swamped with massive application backlogs and haven’t been able to dig into understanding the requirements of GDPR. After all, the legislation won’t go into effect until mid-2018, and you’ve been running against so many other mission-critical business deadlines that have been much tighter than GDPR. But wait! It’s only five months away now. Christmas day marks exactly five months until GDPR goes into effect. And 2018 is not a leap year, so there goes one more potential day of procrastination.
The General Data Protection Regulation (GDPR) as promulgated by the European Union affords EU citizens with rights and protections regarding the security, handling, control, storage, access, interoperability, and other aspects of EU-citizen data. It becomes enforceable on 25 May 2018.
I mean, what’s the big deal anyway? If someone wants you to delete them from your database, can’t they simply phone your call center and open a ticket? Then the call center can delete the records, one by one, using various user interfaces and systems eventually reaching all the places where all that data resides. Let’s just set aside the joke about how the call center will phone or email back confirmation of a successful deletion of data that includes phone numbers and emails.
If your applications and systems are like most companies, they’ve grown up over many years. And if you’re storing information about people, you’re likely doing it spread over (at least) several different databases and systems. Reaching a customer service desk representative who will log a call and open a ticket isn’t going to easily satisfy a significant volume of data subjects to requesting to exercise their rights to review their data, make amendments and corrections, receive notifications, and obtain an electronic and portable copy of their data.
Perhaps you could just move all that data outside the EU and wash your hands of it? No way. You might successfully have the data reside in an approved non-EU country, but you’ll still need to fulfill all of the requirements of GDPR if your data contains information regarding EU citizens, including any personally identifiable contact information such as an email or phone number. So, regardless of whether this data is in spreadsheets, databases, on-premises, physical file cabinets, cloud storage, or backup systems, you’ll need to track down all the specific sources and types of data. Get digging. Time is running out.
Assuming you have a lawful purpose for processing and methods of handling data on EU subjects, then you’ll still need to safeguard the data, provide an easy, consistent, and reliable means by which:
- Rapid and effective response mechanism for EU subjects to inquire about their data and exercise their rights regarding the management of it
- Rapidly identify all the data pertaining to a specific person (including backup data)
- Central means by which an EU subject can monitor, update, and delete (be forgotten) the data
- Provide a means by which an EU citizen can object an electronic and standardized format of their data that enables portability, especially to another service provider
- Project confidence that EU citizens can get timely and satisfactory responses, ensuring your systems comply with GDPR
What if you had a public facing, self-service web portal that enabled all of this? And if it could interface directly with all the data sources in your IT infrastructure (databases, computing platforms, legacy systems), that would be just great. Could you get it done in five months? Maybe. It depends. What if you could build and deploy it in just a few days? Impossible!?
This might be the perfect project to build with a Low-code development platform. With low-code, you’ll be able to rapidly build your application, interface with all your existing data sources, quickly build an intuitive and modern looking user interface and deploy across mobile, web, and all form-factors. If you did that, in just a few days, it could satisfy some of these challenging GDPR requirements, let your customers self-service on their data, and save your call center from this work.
Learn more about how to quickly build highly integrated self-service mobile apps and web portals with LANSA Low-code Platform.