Why automated tools won’t solve the GDPR challenge

26th January 2017 | Will Parton

The first step of a GDPR compliance programme is perhaps the most challenging. Identifying what personal data a business holds, and where it resides, can be a time-consuming and complex process that consumes considerable resources.
If you’re a consultant charged with this task, efficiency is paramount. Otherwise, the cost of the project can soon exceed client expectations.

The obvious solution is to source a tool that can automate the data discovery process. Unfortunately, no such tool exists. In fact, it couldn’t exist. Personal data takes many forms and sometimes isn’t even stored on computer systems. It can be found in handwritten notes, paper-based files and on recording devices. It can be both structured or unstructured. So automated tools can play an important role but some degree of manual data discovery is necessary to avoid blind spots and unidentified vulnerabilities. The challenge is balancing both manual and automated processes to ensure you’re operating as efficiently as possible.

This is where we come in. Our Business Lens solution enables users to build an accurate picture of where personal data resides within a business by combining both automated and manual strategies. Whether data has been gathered by a software programme or through a manual process, it can be captured easily and efficiently. This data is then presented as an interactive visual model that shows how it relates to people, processes, places and platforms.

Crucially, the Lens evolves from a discovery tool to become a compliance management platform once the personal data has been identified. This eliminates the need for re-entry and enables users to closely monitor compliance KPIs on an on-going basis. This is crucial as GDPR is not a periodic “tick-box” exercise.

Key security and privacy techniques can also be applied through the Business Lens, meaning that once you’ve identified a problem, you’re in a position to suggest and implement a solution. For example, if a client has just launched a three-year programme to implement a new CRM platform, our Protect and Store module can be applied to ensure data is protected in the interim. This means you can provide the exact level of protection your client needs, at a sensible price point and without disrupting on-going strategic programmes.

Maintaining GDPR compliance requires an effective on-going programme that recognises the dynamic nature of business operations. The Business Lens enables businesses to continuously manage and monitor personal data, quickly investigate exceptions and generally discharge their extensive obligations under GDPR. It can support you in starting your clients on this journey, and provides them with the tools they need to adapt their processes as they get to grips with the Regulation. Book a demo now to see it in action.