Many client executives are currently working to become compliant with the new General Data Protection Regulation (“GDPR”). The GDPR goes into effect on 25 May 2018, and while it is a European Union regulation, it is expected to be implemented worldwide due to its wide-reaching or near-universal regulatory umbrella.
Around 20 years ago, pretty much all data was stored in the corporate datacenter. Today, that data could be in multiple locations, stored on the edge in branch offices as well as in the public cloud. Critically, Personally Identifiable Information (“PII”) could exist outside primary systems. GDPR represents “the law catching up with the digital world”.
GDPR identifies the following actors:
An Ernst & Young 2018 Global Forensic Data Analytics Survey found that, with respect to readiness for GDPR, only 33% of respondents have an established plan for GDPR compliance, with another 39% indicating they are familiar with GDPR.
The new regulation requires much tougher controls over what your third-party suppliers do with employee and customer personal data. GDPR requires that both controllers and processors know where the personal data is located for storage and processing. They will share equal liability, and this has data processors scrambling to determine how best to make sure that the data their customers are putting on their servers is properly protected. In addition, data controllers must assess whether the security measures of their Cloud providers meet GDPR requirements by conducting periodic audits. And to make it even more complex, the same applies to a processor using a sub-processor.
It’s true the amount of Strategic Supplier Management (“SSM”) work that is needed to become GDPR compliant is significant, but there are also opportunities including a) demonstrating how a well-managed and structured approach to SSM adds value to an organization, b) raising the profile of SSM as GDPR is a board level issue and c) realizing compliance with SSM policies more widely.
With an emphasis on suppliers, GDPR makes data an SSM opportunity and priority:
The cover of The Economist’s May 2017 issue proclaims, “The World’s Most Valuable Resource is No Longer Oil, but Data”, and the importance of data to business will only increase. The GDPR rules are very complex, but NET(net)’s advice is not to be overwhelmed by them or to see GDPR as your enemy.
NET(net) predicts protracted contractual negotiations with IaaS, PaaS and SaaS suppliers as the Data Processor will try to wrangle a shift in liabilities back to you, the Data Controller. NET(net) can help support you in minimizing that risk.
A PwC Pulse survey shows that 88% of companies expect to invest $1 million to meet requirements and another 40% expect to spend more than $10 million. And this is just to get ready; getting ready, however, is only the beginning. GDPR is not a single, one-time event. GDPR requires continuous active monitoring, and a visible, proactive SSM program. Through WIN(win), NET(net)’s proprietary platform, we provide capabilities to sustain value and ongoing compliance through Supplier Performance Management of your Agreements, Investments, and Relationships.
A November 2017 report published by Technology Law Alliance reveals that just 18% of companies will be ready for the introduction of the General Data Protection Regulation. Whether you belong to the 18% that are ready or the 82% that are not, GDPR should be viewed as an opportunity to improve your understanding, to renegotiate your agreements, and to build better procurement processes to safeguard and future-proof your technology supply chain. GDPR puts strategic supplier management back at the forefront, and NET(net) has the capabilities you need to ensure your agreements include appropriate GDPR protections. Through NET(net)’s proprietary platform, WIN(win), and access to the Performance portal, clients are able to perform Strategic Supplier Management, including proactive ongoing management for GDPR. NET(net) can help you manage these strategic supplier agreements to minimize cost and risk while maximizing the realization of value and benefit.
About NET(net)
Celebrating 15 years, NET(net) is the world’s leading IT Investment Optimization firm, helping clients find, get and keep more economic and strategic value. NET(net) has over 2,500 clients around the world in nearly all industries and geographies, and the experience of over 25,000 field engagements with over 250 technology suppliers in XaaS, Cloud, Hardware, Software, Services, Healthcare, Outsourcing, Infrastructure, Telecommunications, and other areas of IT spend, resulting in incremental client captured value in excess of $250 billion since 2002. NET(net) has the expertise you need, the experience you want, and the performance you demand. Contact us today at info@netnetweb.com, visit us online at www.netnetweb.com, or call us at +1-866-2-NET-net to see if we can help you capture more value in your IT investments, agreements, and relationships.