
GDPR. An Opportunity More Than a Threat for B2B Companies?

The EU’s General Data Protection Regulation (GDPR) is definitely a game changer – but perhaps not in the way you think.

A great deal has already been written about the stringent obligations – and hefty fines – it places on organizations managing the personal data of EU citizens. Much less has been made of its other stated aim: to facilitate the exchange of information for businesses that operate in the EU. But the GDPR is not limited to EU companies only, so how best to capture the opportunity within GDPR implementation?

An opportunity? Really?!!

It’s easy to focus on the amount of change – at an organizational, technical and process level – that every company will need to undertake to get ready for the May 2018 deadline. But, that is to overlook the bigger picture. GDPR is explicitly designed to harmonize data security and privacy laws across Europe. This is, by far, the most far-reaching legislation of its type ever attempted. It represents a single data protection approach for 28 trading countries and, indeed, beyond.

As all companies that hold personal data on EU citizens must comply – and let’s face it, today that’s pretty much everyone – the success of GDPR is very likely to make it a global standard by default.

To date, organizations have not addressed their data protection and privacy risks in a consistent way. GDPR now makes this essential. The opportunity arises when you see this as more than simply a compliance issue. As PA Consulting suggests, companies “can take a more business- and customer-centric approach that will allow them to explore how they can manage personal data to help make more informed decisions and create a better experience for their customers”.

Understanding GDPR

There are really two core elements to the obligations of B2B companies under the GDPR. The first is to store and manage personal data in such a way that it is always quickly accessible to the data subject and can be removed if required. B2B organizations must remember that, under the GDPR, personal data means data about individuals, including your customers, suppliers and service providers. It also covers how and why you exchange personal data within your supply chain or trading partner network.

Secondly, personal data must be defended and secure at all times – in transit or while at rest. According to the International Association of Privacy Professionals, some of the security actions to undertake include:

  • The pseudonymization and encryption of personal data
  • The ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

A focus on technical infrastructure

It’s clear that the correct technical infrastructure has a key role to play when implementing the GDPR. Organizations will really struggle if they continue to hold silos of information. Instead, they must have a clear end-to-end view of all the personal data they hold. This includes both structured and unstructured data – everything from emails and social media behaviors to contracts or service documentation.

This does require a significant change in thinking. Organizations will need to introduce Privacy-by-Design and Data Protection-by-Design as core foundations of their infrastructure. These strategies have been at the heart of solution development at OpenText for years.

The OpenText™ Business Network portfolio of solutions – including OpenText™ Trading Grid Messaging Service, OpenText™ Active Applications, OpenText™ Managed Services, and OpenText™ Fax Solutions – includes the highest security standards, encryption and best practices. These solutions enable the processing and exchange of information with comprehensive encryption to mitigate risks associated with the processing of sensitive data. Rigorously auditing, testing and enforcing compliance with security regulations such as the GDPR across extended and sophisticated supply chains is a fundamental part of OpenText operations.

For example, the OpenText™ Cloud Fax network is an environment made up of connectivity protocols that keep customers aligned with the most pertinent regulatory and compliance mandates. With options including secure web connections via TLS and HTTPS or VPN connections, organizations remain securely connected to the OpenText Cloud and privacy is maintained. With encryption at rest and in transit, content is protected both where it rests and while it is on the move.

Keep calm. Carry on.

The good news is that GDPR is not meant to cripple you as a business – quite the opposite. But, it does demand a much more proactive and consistent approach to data protection. For B2B organizations, that really doesn’t have to be a threat. Almost every organization has Digital Transformation at the heart of its business strategy. Almost every organization is looking for ways to optimize the value of the data it holds. In this context, GDPR can be seen as a legal framework to make this happen. Now, there’s an opportunity!

Learn more about OpenText’s secure information exchange solutions.

Watch the webinar with Digital Clarity Group and learn how the GDPR will transform business practices across the organization.

About Amy Perry

Amy Perry is the Director of Product Marketing for fax and secure messaging solutions with OpenText Business Network. Her 20-year career has crossed between Product Management and Product Marketing in the CPG and software industries.


2 comments

  1. Your solutions have a lot to do with “in transit” parts of data processing. Does OpenText ECM provide encryption at rest as part of records storage? EU laws already require the in-transit over public network requirement – don’t know how much internal transmission will require encryption for sensitive PI now – but very interested in GDPR drive to encrypt data at rest in a records management/retention solution and specifically does ECM support that? Thank you.

    • Denise Oakley

      Thanks for your question, Ann.
      Yes, OpenText Content Suite supports the following: encryption at rest, encryption in transit (HTTPS), encryption of data (on the database) and encryption of content/document (on the storage device).

      You might be interested in our webinar on 1 March that reviews the details of the GDPR and outlines the steps you can take to prepare for it – the link to register is at the end of the blog post above. Also, please contact us if you’d like to have a deeper dive discussion related to your specific scenario.
