The positive impact of GDPR compliance
Managing compliance for GDPR and other regulations
It’s been three years since the General Data Protection Regulation (GDPR) was adopted, and just over 15 months since it became enforceable. There was a lot of collective hand-wringing about how hard it was going to be to comply with the new EU law, but for the most part, it hasn’t been as difficult as almost everyone around the world originally imagined. The main provision of the law is that organizations located in the EU or that process EU citizens’ data (which is how a lot of U.S. companies are affected) have to get consent for collecting it, and also quickly announce if a breach has happened. Non-compliance means high fines.
The good news is that while there were challenges in meeting the provisions and requirements pertaining to the processing of personal data of individuals in the European Economic Area (EEA), the overall effects of the law are mostly positive. Here are a few of the good things GDPR has spawned since it went into effect:
Better security. Everyone’s data is now more secure. The law mandates that each organization has to have someone in charge of the data and that audits become a regular thing. Better security awareness and practices benefit everyone.
Heightened confidence. The law extends faith to consumers that yes, their information is well protected.
Technology alignment. Complying with the law means upgrading and staying updated with the latest and greatest technologies.
Lower maintenance costs. The need to keep data inventory up-to-date reduces the cost of storing data.
Meeting the task head on
At Onspring, figuring out the complexities of GDPR has been a complicated task, but helping customers through the wilderness of the law has been a challenge we relish. I talked with a few of our associates who dealt with the intricacies of the law itself and found out just how much Onspring was able to help with the overall effects many organizations faced when first dealing with it.
“I think from the consumer standpoint, we can all understand and appreciate any marked movement towards the development and adoption of regulatory requirements designed specifically with the protection of personal data in mind,” Josh Campbell, Onspring Consultant of Professional Services, said of the law. “GDPR signifies a growing understanding of the importance of consumer data protection.”
“In conversations with Onspring clients, GDPR seemed daunting, especially with the threat of huge fines for non-compliance,” Kristen Russell, Senior Director at Onspring, said. “The full text of GDPR includes 99 articles that set out the rights of individuals and the obligations placed on organizations facing the regulation.”
That’s a lot of new information to consume and implement, even for the most diligent of companies. I’m happy to report that Onspring is up to the challenge of helping its clients meet and comply with the regulations.
“Importing and tracking the GDPR requirements within Onspring gives you the ability to connect those different elements to your internal company controls,” Kailyn Schutte, Senior Consultant of Professional Services, said. “And that ultimately allows you real-time reporting and analysis of which areas you are compliant with, and which areas need additional attention.”
Responsibility to the law
Complying with GDPR can be a challenge and the price for non-compliance is stiff. That’s where Onspring’s overall experience comes into play.
“Under GDPR, companies are accountable for how they handle people’s personal information, including having data protection policies and impact assessments, as well as documenting how data is processed,” Russell said. “Penalties for non-compliance range from millions of dollars to a very scary, undefined. Companies we work with saw the writing on the wall, and they were nothing short of motivated to become compliant.”
Many Onspring clients confront the challenge and threats of grave ramifications by taking a step back, analyzing their current data structures, and utilizing the Controls and Compliance Management solution in Onspring. Whether they rely on Onspring’s Unified Compliance Framework Data Connector for automatic controls updates and mapping, or map and monitor their own controls, they move forward by getting their controls data into Onspring. With automation software that identifies gaps, provides actionable insights with reporting and analytics, and simplifies tasks, clients can easily prioritize their efforts. They no longer have to face the great unknown—instead, they can get compliant one step at a time. Today, they’re not only proving ongoing GDPR compliance, but they’re also saving time and worry.
Always ready
There will be other laws in the future that, at first glance, buckle the knees of companies with threatening fines and other non-compliance fears. Onspring will be ready to help.
“As a consultant, the Onspring platform gives us the opportunity to work with our clients on the front lines,” Campbell said. “We ensure that they have solutions in place to help them adopt supporting practices as a result of these types of regulations, as well as clearly understanding their level of compliance.”
When it comes to GDPR, Onspring is on it.
About the author
Evan Stos
Vice President at Onspring
15 years GRC experience