What GDPR Means in Practice for Irish Business

The General Data Protection Regulation (GDPR) is a European directive aimed at ring-fencing consumer data against illegal or unnecessary access. There is nothing to discuss or debate with local politicians, or the Irish Data Protection Commissioner for that matter. As a European directive, it has over-riding power. To obtain an English version, please visit this link, and select ?EN? from the table of languages.

As you reach for your tea, coffee or Guinness after sighting it, you will be glad to know the Irish Data Protection Commissioner has the lead in turning this into business English we understand. The following diagram should assist you to obtain a quick overview of the process we all have to go through. In this article, we briefly describe what is inside Boxes 1 to 12. The regulation comes into force on 25 May 2018 so we have less than a year to get ready.

The 12 Essential Steps to Implementing the General Data Protection Act

1. Create awareness among your people of what is coming their way. The GDPR has given our regulator discretion to dish out fines up to ?20,000,000 (or 4% of total annual global turnover, whichever is greater) so there is determination to make this happen.

2. Become accountable by understanding the consumer data you hold. Why are you retaining it, how did you obtain it, and why did you originally collect it. Now you know it is there, how much longer will you still need it? How secure is it in your hands, have you ever shared it?

3. Open a communication channel with your staff, your customers, and anyone else using the data. Share how you feel about how accountable you have been with the information in the past. Explain how you plan to comply with the GDPR in future, and what needs to change.

4. Understand the personal privacy entitlement of the subjects of the information. They have rights to access it, correct mistakes, remove information, restrict its use, decline direct marketing, and copy it to their own files. What needs to change in your systems to assure these rights?

5. Issue a policy for allowing consumers access to their information you hold. You must process requests within a month, and you may not charge for the service unless your cost is excessive. You may decline unfounded or excessive demands within your policy guidelines.

6. Adapt to the requirement that you must have a legal basis for everything you do with, and to consumer data. You need to be in a position to justify your actions to the Irish Data Protection Commissioner in the event of a complaint. Having a legitimate interest is no longer sufficient.

7. Ensure that consumer consent to collect, use, and distribute their data is ?freely given, specific, informed, and unambiguous.? From 25 May 2018 onward, this consent will be your only ground to do so. You cannot force consent. Your benchmark becomes what the GDPR says.

8. Issue rules for managing data of underage subjects. This is currently under review and we are awaiting results. Put systems in place to verify age. Set triggers for where guardians must give consent. Make sure age is verifiable. Use language young people understand.

9. Introduce a culture of openness and honesty, whereby breaches of the GDPR are detected, reported, investigated, and resolved. You will have a duty to file a GDPR report with the Data Protection Commissioner within 72 hours, thus it is important to fast track the process.

10. Introduce a policy of conducting a privacy assessment before taking new initiatives. The GDPR calls for ?privacy by deign?, and we need to engineer it in. This may be the right time to appoint a data controller in your company, and start implementing the GDPR while you have time.

11. You may also need to appoint a data protection officer depending on the size of your business. Alternatively, you need to add managing data protection compliance to an employee?s duties, or appoint an external data-protection compliance consultant.

12. Finally, and you will be glad to know this is the end of the list, the GDPR has an international flavour in that multinational organisations will report into the EU Lead Supervisory Authority. This will manage the process centrally while consulting national data authorities.

The GDPR is a project we all need to complete. If we are out of line, it is in our interests to get things straightened out. Once everything is in place, the task should not be too onerous. Getting there could be the pain.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Succeed at Transformation

Despite the pomp and fanfare associated with launching corporate transformation programs, in reality very few of them succeed. According to a recent report by McKinsey the success rate is pegged below 40%. In addition, the same research indicates that defensive transformations – those undertaken as part of crisis management – have lower chances of success than progressive ones – those launched to streamline operations and foster growth. However, adopting certain strategies, like setting clear and high goals, and maintaining energy and engagement throughout the implementation phase, can really boost the project’s success rate. A key aspect of business transformation is IT transformation. This can be attributed to the fact that significant business change is either driven or influenced by technological change.

So what is IT Transformation?

IT transformation is basically a holistic reorganisation of the existing technological infrastructure that supports the company’s mission critical functions. In essence, IT transformation is not all about effecting change for the sake of change but involves systematic steps that align IT systems to business functions. To appreciate this approach, it is important to explore current trends in the business world where human resource, finance and IT transformations are being carried out in unison. This is being done to develop strong corporate centres that are leaner, agile and more productive that enhance greater synergies across all business functions.

IT transformation inevitably results in major changes of the information system’s technology, involving both hardware and software components of the system, the architecture of the system, the manner in which data is structured or accessed, IT control and command governance, and the components supporting the system. From this scope of works it is evident that IT transformation is a huge project that requires proper planning and implementation in order to succeed.

Tips to Improve Success in IT transformations Projects

1. Focus on Benefits not Functionality

The project plan should be more focused on benefits that can be accrued if the system is implemented successfully rather than system functionality. The benefits should be in line with business goals, for instance cost reduction and value addition. The emphasis should be on the envisaged benefits which are defined and outlined during the project authorisation. The business benefits outlined should be clear, feasible, compelling and quantifiable. Measures should be put in place to ensure that the benefits are clearly linked to the new system functionality.

2. Adopt a Multiple Release Approach

Typically most IT projects are planned with focus on a big launch date set in years to come. This approach is highly favoured because it simplifies stakeholder expectation management and avoids the complexity associated with multiple incremental releases. However, this approach misses the benefit of getting early critical feedback on functioning of the system. In addition, the long lead times often result in changes in project scope and loss of critical team members and stakeholders. IT transformation projects should be planned to deliver discrete portions of functionality in several releases. The benefit of multiple release approach is that it reduces project risks and most importantly allows earlier lessons learnt to be incorporated in future releases.

3. Capacity of the Organisation to confront Change

As pointed out, IT transformations result in significant changes in business operations and functions. Hence it is important that all business stakeholders should be reading from the same script in regards to changes expected. In addition, key stakeholders should be involved in crucial project stages and their feedback incorporated to ensure that the system is not only functional but business focused.

Virtualisation

Using an IT solution that can provide the fastest (but still reliable) disaster recovery process is essential for the success of any business continuity plan. Although virtualisation is still considered leading edge technology by many business continuity specialists, it definitely brings a promise that, once fulfilled, can result in the cheapest, fastest, and most comprehensive solution for business continuity.

One great advantage of virtualisation over traditional BC (Business Continuity) methods is the relatively cheaper cost needed to achieve a certain level of business continuity assurance. Thus, more companies will find it easier to reach their required minimum for BC assurance. By contrast, some BCPs (Business Continuity Plan) based on a physical environment require companies to invest more than what they are willing to in order to reach the same minimum level of assurance.

Virtual machines, which can already encapsulate your operating systems and their corresponding applications, can be transported as a file from one machine running a compatible hypervisor to another. This makes the business continuity tasks of backup, replication, and restoration simpler and faster.

As of 2008, about 54% of IT professionals in Europe were willing to implement virtualisation within a maximum of two years. Furthermore, the expected compound annual growth rate of installed virtualised servers from 2008 to 2012 is already pegged at 33%.

If you want your organisation to take advantage of the benefits of this revolutionary technology, we’d be more than willing to help you discover what it can do for you. Then once you decide to make that transition to virtualisation, we can guide you every step of the way.

  • As not all applications are suited for virtualisation (e.g. some are too demanding on I/O and memory access), we’ll start by reviewing your entire IT system to see which portions can be implemented on a virtualized environment.
  • Using virtualisation and replication, we can conduct disaster recovery tests using up-to-date data without interrupting operations in your main IT site. Running these tests will increase your team’s preparedness and will allow you to discover possible weak points.
  • Provide a simple but comprehensive protection and backup system that encapsulates not only data, but also system configurations and application installations. This kind of setup allows for faster and easier disaster recovery operations. Because of these same characteristics, you can enjoy zero downtime while performing scheduled maintenance operations.
  • Since virtual machines are hardware-independent and transparent to operating systems, we can help you run a mix of legacy and new systems as well as open source and proprietary systems, allowing for more flexibility in your BCP budgeting.

We can also assist you with the following:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Finding the Best Structure for Your Enterprise Development Team

An enterprise development team is a small group of dedicated specialists. They may focus on a new business project such as an IoT solution. Members of microteams cooperate with ideas while functioning semi-independently. These self-managing specialists are scarce in the job market. Thus, they are a relatively expensive resource and we must optimise their role.

Organisation?Size and Enterprise Development Team Structure

Organisation structure depends on the size of the business and the industry in which it functions. An enterprise development team for a micro business may be a few freelancers burning candles at both ends. While a large corporate may have a herd of full-timers with their own building. Most IoT solutions are born out of the efforts of microteams.

In this regard, Bill Gates and Mark Zuckerberg blazed the trail with Microsoft and Facebook. They were both college students at the time, and both abandoned their business studies to follow their dreams. There is a strong case for liberating developers from top-down structures, and keeping management and initiative at arm?s length.

The Case for Separating Microteams from the?Organisation

Microsoft Corporation went on to become a massive corporate, with 114,000 employees, and its founder Bill Gates arguably one of the richest people in the world. Yet even it admits there are limitations to size. In Chapter 2 of its Visual Studio 6.0 program it says,

‘today’s component-based enterprise applications are different from traditional business applications in many ways. To build them successfully, you need not only new programming tools and architectures, but also new development and project management strategies.?

Microsoft goes on to confirm that traditional, top-down structures are inappropriate for component-based systems such as IoT solutions. We have moved on from ?monolithic, self-contained, standalone systems,? it says, ?where these worked relatively well.?

Microsoft’s model for enterprise development teams envisages individual members dedicated to one or more specific roles as follows:

  • Product Manager ? owns the vision statement and communicates progress
  • Program Manager ? owns the application specification and coordinates
  • Developer ? delivers a functional, fully-complying solution to specification
  • Quality Assurer ? verifies that the design complies with the specification
  • User Educator ? develops and publishes online and printed documentation
  • Logistics Planner ? ensures smooth rollout and deployment of the solution

Three Broad Structures for Microteams working on IoT Solutions

The organisation structure of an enterprise development team should also mirror the size of the business, and the industry in which it functions. While a large one may manage small microteams of employee specialists successfully, it will have to ring-fence them to preserve them from bureaucratic influence. A medium-size organisation may call in a ?big six? consultancy on a project basis. However, an independently sourced micro-team is the solution for a small business with say up to 100 employees.

The Case for Freelancing Individuals versus Functional Microteams

While it may be doable to source a virtual enterprise development team on a contracting portal, a fair amount of management input may be necessary before they weld into a well-oiled team. Remember, members of a micro-team must cooperate with ideas while functioning semi-independently. The spirit of cooperation takes time to incubate, and then grow.

This is the argument, briefly, for outsourcing your IoT project, and bringing in a professional, fully integrated micro-team to do the job quickly, and effectively. We can lay on whatever combination you require of project managers, program managers, developers, quality assurers, user educators, and logistic planners. We will manage the micro-team, the process, and the success of the project on your behalf while you get on running your business, which is what you do best.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today