Toby Olshanetsky, prooV
The European Union’s General Data Protection Regulation (GDPR) is coming – and resistance is futile. The impact of the GDPR will be felt around the globe, and non-compliance by any business collecting personal data or behavioral information about people in EU countries will be costly, both in terms of financial cost and brand reputation.
According to Gartner, 50% of global enterprises still will not be GDPR compliant by the end of 2018. To ensure compliance within the short amount of time left, many companies are seeking collaborations with startups to provide solutions.
With the May 25th enforcement date looming, enterprises shouldn’t ignore the silver lining that comes along with the GDPR: the innovation it will spawn and the collaborations it will breed.
Here are the GDPR requirements that enterprises can fulfill by working with startups.
Leveraging startups to meet the GDPR deadline
With the GDPR countdown looming, companies will need to integrate and deploy systems that can adhere to the limitations of the regulation, and do so quickly. Many of these deployments will require time, complex integrations and IT developments, and companies that have not yet begun implementing such innovations may find themselves pressed for time.
With this in mind, many enterprises are turning to the startup community in the hopes that proof-of-concepts with software solutions that can comply with the GDPR will yield the innovation they need in the short time that they have.
Simplifying data collection and deletion under GDPR
A key aspect of the GDPR concerns the information companies collect about their customers.
On one hand, companies need to collect personal information in order to provide customized experiences and improve their overall revenue generation. On the other hand, the GDPR requires enterprises to ensure that the information individuals provide is collected in a secure way.
Clarip is a startup offering a SaaS-based data privacy platform for social, web, mobile, cloud, apps and IoT devices. It is helping bring clarity and transparency to the data collection process by building trust, and it is helping consumers easily understand what data is being collected and shared about them.
Using privacy-by-design to ensure GDPR compliance
With GDPR, privacy-by-design must now be at the forefront of your IT infrastructure. At its core, privacy-by-design calls for data protection to be included from the outset of system design, rather than added on afterwards. These principles are mandated by GDPR, and organizations will need to have robust data management, governance, and security features in place.
Companies like Virtru have created full suites of GDPR-compliance solutions that support privacy-by-design/privacy-by-default.
GDPR’s right to be forgotten
The need to erase information when no longer needed or upon request poses a challenge for companies since many do not have the capability to quickly remove all personal data of an individual.
In addition to needing to find an innovative way to remove information in a timely manner from their own servers, under the GDPR companies will also need to do the same for information processed by third-party providers.
When an individual requests erasure, companies must ensure that the information is removed both from their own systems and from those of the third-party providers who may have had access to those systems.
Segment — which is already used by data-collection-heavy companies like Trivago, Gap and Crate & Barrel — added a new tool that improves data collection and makes it easier for users to stay GDPR compliant. In addition to improving the way that data is collected and stored, Segment’s solution helps companies comply with the right-to-erasure element of the GDPR.
Cybersecurity
In order to protect their customers’ data and their public reputation, companies will have to increase their preventative cybersecurity measures. This leaves the door wide open for an increased wave of cybersecurity and personal data encryption innovation.
BigID is a startup focused on privacy and personal data protection. As enterprises stare down GDPR and similar privacy regulations, they face new challenges in understanding what personal data they collect and process. BigID is a company redefining how enterprises satisfy GDPR and meet new data privacy and protection requirements.
Outsourcing GDPR’s data protection officer
Companies with more than 250 employees need to have a Data Protection Officer (DPO) according to the GDPR, to oversee the management of data collection, encryption, overall compliance and more.
This increases the global demand for DPOs, which can make finding the right DPO challenging for many companies.
By advising companies on compliance and data protection impact assessment, and by serving as the point of contact for the GDPR supervisory authorities, ProDPO is a great solution for companies looking for an alternative DPO solution.
Innovation, regulations, testing and the power of a nearly exact replica of data
For the majority of enterprises, finding solutions in the open market and then testing them is the main way innovation is accomplished. However, GDPR, and the Right to Erasure (Right to be Forgotten) in particular, will make it more difficult to test using real data. Not only will you need to filter out specific data, you will also need to find some way of keeping track of the records that are not approved for use in testing.
For the software-testing process, this means GDPR will create more risk for enterprises in granting external parties access to their assets. They will therefore want to create a separate testing environment to avoid having to do so, consuming even more time and resources. In the worst-case scenario, businesses may just avoid the issue altogether by choosing not to pursue innovations.
Enter Deep Mirroring. Deep Mirroring is a way of creating new data that replicates the patterns and behaviors of production data. By leveraging Deep Mirroring in a testing environment, enterprises and startups will be able to run proof-of-concepts by using mimicked data to simulate real-world environments and conditions. It provides all the benefits of running a PoC with real data—such as evaluating how solutions perform in your specific production environment—but with none of the risk.
Bottom line
Overall, the enforcement of the GDPR will have a strong impact on companies, but it is not one to be afraid of. It will fuel innovation by bringing privacy, security and data management to the forefront.
Toby Olshanetsky is the co-founder and CEO of prooV, the first proof-of-concept (PoC)-as-a-Service platform, which helps enterprises find, test-drive and implement new technologies. He has held senior roles and led several successful startups over the past 20 years, in technologies including cybersecurity, mobile development, e-commerce and online banking.