The EU’s new General Data Protection Regulation (GDPR) is a catastrophe for old, immobile enterprises. By May 25, 2018, many large businesses will have endured a rocky path to compliance and managing breaches, at considerable cost. Some may well have seen negative impact to their brands from data issues.
GDPR is a challenge, but it is also an opportunity. For the postmodern CIO – at ease with the tools the digital revolution has provided – this is a chance to show how cloud computing can be leveraged to transform business in a way that mitigates corporate risk.
Why companies are worried about GDPR
The 1995 EU data protection directive laid out a strong framework, but failed to properly imagine the complexity of modern IT infrastructures.
Established organizations often have a mishmash of technologies handling client data. Older companies, especially financial institutions, often still use systems that date back to the ’80s and ’90s, running on obsolete platforms. The architects of some of these platforms never considered the need to delete data, let alone implement such a feature.
Meanwhile, the majority of companies now use cloud services in some way, but not always in a business process–optimized way. The average European enterprise uses an astonishing 608 cloud services , including Dropbox, Google Docs, and OneDrive. Most of these are shadow IT systems – not supported or sanctioned by the IT department and therefore prone to misuse. Identity data can leak into these cloud services’ databases with surprising ease. Personal data regularly pops up as text fields – unstructured data.
This IT landscape makes it impossible to guarantee the safety of client data and to give individuals the right to decide how their data is used, which is the purpose of data protection legislation. GDPR seeks to redress the balance by imposing punitive fines on companies that don’t simplify and unify client data storage and understand identity data lifecycles. So the more fragmented a company’s systems are, the more work they will have to put in to comply with the request to “delete everything you hold on me, please.”
How this benefits postmodern CIOs
Postmodern CIOs have moved from operating IT to owning ecosystems. They focus less on managing teams and more on growing talent. Delivering innovation trumps merely keeping the lights on. For postmodern CIOs looking to pivot to the cloud, this is an excellent time to launch a revolution within their organizations.
There are four main arguments that CIOs can make to their C-suite colleagues relative to GDPR:
1. GDPR compliance can be built into the IT landscape and scaled.
One of the most persuasive arguments against on-premise systems is the cost of installation and maintenance. The cost of compliance is something else to consider, especially as the move towards GDPR compliance may be so painful. Companies such as SAP provide facilities for structuring data and defining access to it, as well as reporting on compliance with those rules. These capabilities help in reducing the overhead of meeting compliance, as well as the spend on identifying anomalies and quantifying compliance on an ongoing basis.
For some organizations, GDPR has resulted in decisions such as the removal of an entire CRM facility because of the inability to control access to customers’ data. So for many organizations, GDPR also represents an opportunity to reconsider their IT landscape. Wholesale relocation of core capabilities to the cloud is an even more reasonable consideration.
2. The quality of data will improve.
One of the problems arising from GDPR is that companies store huge amounts of superfluous customer data, including operational data that could be used to reconstruct individuals’ identities.
