In my previous posts, I asked whether your organization is ready to comply with GDPR, which entails extensive change in how companies handle the personal data of EU citizens. In this post, I will show you how Accenture can help simplify the process and ensure sustainable compliance.
Why do we have GDPR?
The purpose of the GDPR is to give back to individuals control over their personal data, and to simplify the regulatory environment for international businesses by unifying the data privacy regulation within the EU.
However, as I explained in my first post, after a year of GDPR, companies are still struggling to find their feet in the new regulatory landscape. What’s more, compliance is an ongoing commitment and not an annual task. When you opt for sustainable compliance, you can turn burden to benefit and unlock countless data opportunities.
What are the challenges of GDPR?
Last year, we identified the following GDPR compliance challenges that plague businesses. Many of them are still relevant one year later:
- Lack of clear data ownership and control across the business;
- Insufficient documentation on and control of personal data processing activities make it difficult to demonstrate how personal data is being used;
- Insufficient planning and resources to allow for an audit and to demonstrate compliance to customers and regulators;
- Lack of process controls to ensure consent is explicit and unambiguous;
- Ensuring employees understand the impact of GDPR on their roles;
- Inability to detect breaches in a timely manner;
- Inability to scale solutions to meet higher volumes of data subject requests; and
- Implementing an optimum solution that ensures compliance will require time.
One year later, many companies are still a long way from stages 4 and 5 in their compliance journey: the ability to sustain compliance and to realize strategic and operational opportunities from their efforts to comply with GDPR.
How Accenture can help you become more compliant
In order to help our clients meet the challenges of GDPR and to achieve a smooth compliance journey, Accenture created the Data Privacy and Consumer Rights Assessment Framework.
With this framework, which includes recent regulatory enactments such as GDPR as well as Accenture’s recommended data protection practices, our teams can assess clients’ privacy and consumer rights programs. This comprehensive tool allows us to help clients that want to:
- Evaluate and grow their privacy and consumer programs;
- Develop a privacy strategy; and
- Maintain alignment with regulatory requirements.
The framework is organized into 12 privacy management domains against which clients are assessed:
- Privacy governance
- Data inventory and classification
- Privacy by design and default
- Training and awareness
- Data security
- Third-party risk
- Notice and consent
- Customer rights management
- Privacy impact assessments
- Data breach management
- Data monitoring and transfer
- Privacy documentation maintenance
Each domain further consists of sub-domains that specify certain privacy management activities. To help Accenture teams ascertain the client’s progress with regard to a specific activity, each sub-domain comes with a set of questions.
For example, to determine a client’s progress in terms of developing internal data privacy policies, Accenture will ask five questions:
- Is the policy documented?
- Is the policy distributed to relevant users and enforced through means such as training and awareness campaigns?
- Is the policy periodically reviewed, tracked, and updated?
- Is the policy continuously optimized and automated/evaluated for automation?
[Figure: Stage five of the compliance journey]
Human + machine privacy management
Accenture not only asks the right questions; we also have the right software apps built for SuccessFactors, Employee Central, EC Payroll and SAP HCM to help simplify our clients’ compliance journey.
Over the past 15 years, our software apps have been licensed to over 1 700 clients who use them on a day-to-day basis in their human capital management landscape.
In the case study below, you will see how automation is helping Bonnier AB—a large media group with more than 180 companies in over 10 countries—to explore new business opportunities.
Case study: comply to compete (Video)
At our Accenture Innovation Hub in Bangalore, India, we used advanced pattern-matching and machine learning techniques to automatically discover personal data across Bonnier’s siloed systems. With the solution, Bonnier also has deeper insights into relationships within the data. This has allowed the company not only to achieve GDPR compliance but also to identify new business opportunities from its data and to spot and correct inefficiencies in its processes.
Finally, the solution gives Bonnier the reporting tools to maintain sustainable compliance.