Time flies when you’re having fun! Since we started out on our little GDPR journey, developing software and services to help customers with some of the requirements, the data privacy landscape has changed immeasurably. At the beginning everyone questioned whether it could really go ahead in that form; business leaders and politicians complained that it was too harsh and would damage the economy. But as we draw close to the end of the sunset period there are almost daily reminders in the news about why GDPR is very much needed.
A big focus for our customers is the removal of data that has been sitting unused in the SAP system for a long time. The older the SAP system, the more of it; and the number of divestitures the business has done over the years contributes significantly as well. At the moment, there is great interest in our applications called Data Disclose (for managing the right to access in a professional and scalable way) and Data Redact (for the reactive right to erasure). The third application, Data Retain, has gone to the back burner – because an ongoing capability to trim data when it exceeds the retention period doesn’t seem to be anyone’s top priority. So instead, we’re providing one-off services to remove the data that definitely shouldn’t be kept. In some cases it means ‘forgetting’ the person altogether. But in many cases, particularly around HR data, it means removing the parts of the record that it would be hard to find legal grounds for holding five years after the person has left, such as bank account numbers or family information.
We’re continuing with our work on Data Retain though, because I suspect that once the initial clean up is done, and organisations have a bit more time to sit down and look beyond 2018, they will definitely see the value. Because of course, this is not a one-off event. I don’t think it's panned out like that at all. This is the new normal, and we are all starting to acclimatise to what it means both personally and professionally. As we further develop our solutions, we will look to see how we can make them part of the ongoing processes of our customers, starting with a great suggestion from Turnkey consulting at a Access Control and Security Special Interest group last month: “Why not make Data Redact a part of the Leaver action for employees?” What better way to show data privacy by design in the HCM space?