What is GDPR?
Just to be clear: GDPR stands for General Data Protection Regulation and was initiated by the European Union to strengthen customer privacy. From 25 May 2018 on, all companies that deal with personal data must comply with a set of rules that builds upon the Data Protection Directive of 1995. These rules include giving customers, business partners and employees more insight into the way their personal information is used, and giving them the option to contest decisions that were made based on this data processing. The regulation applies to all EU member states, meaning that every business that deals with European citizens also deals with GDPR. Although the regulation was initiated by the EU, it will probably hit companies all around the world that process data on European clients or employees. And even companies that don’t do business with EU members should be aware of the fact that someday they might, meaning they would do well to comply with GDPR just in case.
Why does the EU make things so hard?
GDPR is not an unexpected measure, nor is it an unfair one. Now that more and more personal details are being stored, forwarded and analyzed digitally, people have lost sight of what companies and institutions can do with their personal details. Moreover, they often underestimate the power they give away. Financial details, medical data, social media content: all can be used to disadvantage, discriminate against or even rob people who have no idea what’s going on. And just like you would burglarproof your apartment in an unsafe neighborhood, the EU put an extra lock on the door of EU citizens to protect them against the big, dark web. Clearly, the EU isn’t out to get you. In fact, the GDPR will also protect your own company against people with bad intentions. Think about the reputational damage when your customer data gets exposed, or when your business partner uses the data of your employees to their own advantage.
How can I anticipate GDPR?
All of the above may be true, but it doesn’t make GDPR compliance any easier. You’ll need to make changes to your data strategy, and for some companies the new regulation even requires a whole new privacy protocol. So how will you go from here? Many blogs and reports have been published with the aim of preparing businesses for the 25th of May 2018, with titles such as “Seven steps to survive GDPR” and “Practical steps to deal with the GDPR”. What I found most useful was the one by Eckhard Herych. This Faculty Member of CGOC provides you with a clear overview of the steps you need to undertake to map and optimize your data flows. The article is short and simple, but more informative than all the other articles that state you should “come into action” and “be aware of the consequences.” According to Herych, these five steps are crucial (you can read more about each step in his post):
- Unify data management
- Locate and understand the flow of all data
- Evaluate all data
- Dispose of all disposable data
- Protect what’s left
Becoming GDPR compliant using APIs
As is the case with many problems, the technical answer to the GDPR challenge is the API, and for a very simple reason. If you use customer data to optimize your products, services and processes, you’ll work with different access points to gather information from the outside world. To be GDPR compliant, you’ll have to add control layers to all of these access points, and develop applications to report on what’s been collected. The API is the right tool for the job, as it functions as your digital revolving door. When you have a well-deployed API strategy, your APIs form a security layer between your organization and the world, and determine which message is allowed to pass and in what form. This gives you control over all messages that leave and enter your company, and provides you with better insight into your data flows. Moreover, when using an ESB or an EI (Enterprise Integrator), a well-deployed API strategy can create order in the chaos of your internal data flows as well. The more insight, the more control, the better your data strategy, and the more GDPR compliant you will be.
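To make the "control layer" idea concrete, here is an added example (not code from the original post or from any vendor) of the two things the paragraph asks of an API: deciding which personal-data fields may pass to a given consumer and in what form, and keeping a record of what was released so data flows can be reported. The consumer names, purposes and field sets in `POLICY` and the customer record are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed policy (assumption): which personal-data fields each API consumer
# may receive, and the processing purpose that justifies the disclosure.
POLICY = {
    "billing-service": {"purpose": "invoicing",
                        "fields": {"customer_id", "name", "email", "address"}},
    "analytics-team": {"purpose": "statistics",
                       "fields": {"customer_id", "country"}},
}

# In-memory audit trail; a real gateway would ship this to a log store.
AUDIT_LOG = []


def pass_through(consumer, record):
    """Gateway control layer: decide whether `consumer` may receive `record`
    and in what form. Fields outside the consumer's policy are dropped, and
    every disclosure is recorded so data flows can be reported later."""
    policy = POLICY.get(consumer)
    if policy is None:
        # Unknown caller: the message does not pass at all.
        raise PermissionError(f"no data-sharing policy for consumer {consumer!r}")
    released = {k: v for k, v in record.items() if k in policy["fields"]}
    withheld = sorted(set(record) - policy["fields"])
    AUDIT_LOG.append({
        "when": datetime.now(timezone.utc).isoformat(),
        "consumer": consumer,
        "purpose": policy["purpose"],
        "subject": record.get("customer_id"),
        "released": sorted(released),
        "withheld": withheld,
    })
    return released


def data_flow_report(subject_id):
    """Answer 'who received which of this person's data, and why?' from the
    audit trail: {consumer: {"purpose": ..., "fields": [...]}}."""
    report = {}
    for entry in AUDIT_LOG:
        if entry["subject"] != subject_id:
            continue
        item = report.setdefault(entry["consumer"],
                                 {"purpose": entry["purpose"], "fields": set()})
        item["fields"].update(entry["released"])
    return {c: {"purpose": v["purpose"], "fields": sorted(v["fields"])}
            for c, v in report.items()}
```

The same audit trail that gives you insight into your data flows is also what lets you answer a data subject's request about who received their data and for what purpose.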
What are your thoughts on the road to GDPR compliance? Can you keep calm or are you secretly freaking out? Let me know by leaving a comment!
Want to know more about the power of clever API Management and how to select your API vendor? Then download our free white paper below.