November 8, 2017

Just how tough is GDPR for large enterprises?


Large Enterprises and GDPR

Ever since its establishment in 2012, ScaleFocus has been serving telecoms, banks and other large enterprises with millions of B2C users. As the years have passed, markets have been disrupted and new regulations have been pushed through. We have become a trusted partner of 120+ companies. We stand side by side with all our clients and make sure to meet every challenge together.

Now, in 2017, we were asked to participate in our customers’ GDPR program development. We were petrified to discover several major, common and painful patterns that occurred regardless of the client’s industry or country. Here are some core findings, as narrated by the senior members of our GDPR Services Team:

“The core business systems and analytics data hubs (ERP, DWH, data lakes, etc.) have been designed without having GDPR in mind, while being constantly patched over the years with new functionalities. They do not support any privacy by design or default rules. Enabling GDPR compliance for these systems should be well planned and executed. It may also require significant updates of the processes from the business side.”

– says Krum Daskalov, VP Advanced Analytics

“Introducing encryption, anonymization and pseudo-anonymization is considered a safe haven by many GDPR consultants, both legal and technical. Nevertheless, we are expecting to see a noticeable decrease in systems performance and thus customer/employee service satisfaction levels going down. One should plan well all required additional hardware or IaaS/Cloud resources.”

– says Zlatina Kirilova, Practice Lead

“There is not a single solution for achieving GDPR compliance. This regulation requires full awareness of an organization regarding the kind of data it operates with, the way data is transmitted between the systems and how it is stored. Exposure of a single forgotten backup or archive of a system which contains personal data would be a breach. This makes it really challenging to implement a solution which is able to monitor data transmitted and stored in the organization during the whole lifecycle. This is very challenging, yet it is what motivates us to build solutions which strengthen customers’ security awareness and prepare them for the GDPR regulation.”

– says Georgi Kushev, Director IT Infrastructure

“Due to squeezed budgets and highly price-optimized contracts, there is rarely room for covering new regulatory pushes. Furthermore, political issues can arise since current company vendors may compete on leading the GDPR program, or could simply not be as cooperative as promised. Successful GDPR compliance requires full cooperation amongst all involved parties, which can be achieved ONLY through strong empowerment and good leadership skills of the customer’s internal GDPR working group.”

– says Mladen Tsvetkov, Enterprise Account Executive

How to resolve GDPR-related issues?

Here are some practical tips that came up during our customers’ GDPR initiatives:

  • Get constant C-level involvement in the GDPR program.
  • Engage all departments and external vendors to work together.
  • Promote empowered internal leaders.
  • Reform your internal SLAs and OLAs and renegotiate contracts with vendors.
  • Promptly reject all attempts at vendor lock-in and all “cannot-be-done-because-of” statements.
  • Start refactoring your DWH, data lakes, core systems and LoB systems.
  • Turn this effort into a tangible benefit, i.e. now you can finally start the MDM/enterprise data hub deployment.

In the end, you will need to take a proactive approach and find a trusted partner for your GDPR journey. It’s a lengthy process, yet all good things take time. Gather the team and take the right step today.
