In a world where the volume of information generated and exchanged is growing every day, data protection has become a huge concern for regular citizens. In response, EU legislators have released the General Data Protection Regulation (GDPR), applicable from 25 May 2018.
This regulation's main impacts are granting the following rights to customers:
- the right to know what type of information has been stored about you
- the right to have your data "forgotten"
- the right to be informed of a breach involving your data within 72 hours
With just four months to go before GDPR comes into effect, many organisations that hold or process personal data are not yet sufficiently prepared, and may be exposed to large fines (up to €20 million or 4% of the global annual turnover) if they're not ready on time.
The same personal data are often stored in dozens of IT systems, causing many to wonder how they can implement the regulation in the appropriate timeframe. From experience, I can safely say that doing it manually is not feasible. A new IT tool may be not the best option neither, as it will come with a high cost and a slow deployment speed. The best answer may be robotic process automation (RPA), a new kind of workforce that uses software robots ("bots") to automate repetitive, high-volume, manual, and rule-based tasks. Easily designed to one's needs, and quickly testable and deployable, bots require little investment and work at the "presentation layer" of computer systems, mimicking exactly what a human user would do behind his or her screen.
The advantages of using RPA are numerous: bots can work 365 days a year at 24/7 availability, drastically reduce human error rates (including quality issues associated with manual data entry), and help limit human exposure to sensitive data.
In a GDPR context, bots can be used on many processes requiring a high volume of copy/paste activities, while maintaining a fully auditable trail. Some examples could be:
- checking incoming consent or revocation requests, and executing the appropriate follow-up actions (e.g. flagging the request in the relevant systems or deleting specific data)
- carrying out changes in personal data across multiple systems
- producing audit reports
- collecting and comparing the huge volume of data across all of a company's IT systems
- notifying customers of a data breach (or other event) by email
Bots promise a real competitive advantage in achieving regulatory compliance. Keeping up with change and increasing complexity is a daily necessity and challenge—the time is now to start your RPA journey.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
