Super Robot to the rescue! How robots can help you be GDPR compliant.
Winter might be over, but GDPR is here! If you’re been hibernating to avoid what that entails, it’s time to sort things out, with some help from software robots!
Be prepared from Day 1.
The bigger the company, the more requests you can expect to start coming in from customers (keep reading to learn more about what kinds of demands they might come to you with) early on. Even the biggest companies with huge legal departments will face a challenge with GDPR. The details of GDPR requirements and regulations can seem murky, so no matter what resources you and your company have behind you, you’ll want to do everything you can to make sure that you are GDPR compliant.
While we appreciate consumers and the importance of their personal data, there’s no denying that GDPR is placing new and tough demands on companies. That’s where Robotic Process Automation (or RPA) can come in handy. While technology might seem like the enemy when it comes to personal data, some of the robots are on our side! These friendly bots can keep your worst GDPR nightmares from coming true, and protect your company from making mistakes when trying to manually process years or decades worth of data.
What is GDPR?
GDPR, or the General Data Protection Regulation, is a series of regulations governing how personal data is handled within the European Union. These regulations are designed to give people more oversight of and control over their personal data. To put it (very) simply, GDPR stipulates that consumers need to give explicit permission for how their personal data can be used by companies working in the EU.
You can read more about the regulations on the official website.
It’s understandable in this day and age that people are concerned about what data companies gather and share, and how that data is used. With Facebook and other companies in the news every day, people are being forced to think hard about what information they’re regularly giving out. For consumers, GDPR is supposed to be a way to know that the way their data is being used is standardized and under their own control.
But what do these new regulations mean for companies?
As a company, you need to be able to answer customers requests, and quickly. Processes that will often be affected by these regulations include unsubscribing and “forgetting” people, telling people what data you have about them, proving that you have permission to send messaging to people, updating a person’s data and creating new contacts in the legal manner.
The four super robots you need!
To help you comply with GDPR, we’ve created four types of software robots. While each of these robots has a different function, they also need to be flexible, because the demands placed on you won’t always be the same with every consumer or in every situation.
Robot 1 – Get my data
The ‘Get my data’ robot will allow you to provide customers who ask for it with all the data that you have on them, and where that data is stored (in terms of what systems and where those systems “live”). When you work with LEKAB, we help you build a robot that can pull all GDPR-relevant data from every system in your company. Having a robot do this for you is beneficial both because you avoid having someone manually check every system for data on a specific person, and because you’re then able to present that person with all of their data in a neat, uniform way.
Robot 2 – Forget me
This needs to be a particularly flexible robot, because there are so many different factors that need to be accounted for. Does someone simply want to be unsubscribed, or do they want to be actually “forgotten”, in which case you’ll need to completely remove the data you have on them from all systems. What is the data piece you use to identify someone in your various systems, is it a UUID, an email address, a name?
This robot will be programmed to take different actions in different pre-defined situations – with ability of course to add new actions when new situations arise.
Robot 3 – Check my compliance record
This robot is a little tricky, because you’ll probably actually want two robots! The first robot will be the “check my compliance record” robot. The ‘check my compliance record’ robot will show you who has access to the data in question, and show you what your status is in terms of GDPR compliance. You’ll need to regularly assess whether everything you’ve been doing has been compliant, not just in terms of how data is now stored but in the handling of that data.
The second robot is the “make me compliant” robot. This robot will be programmed to validate your data according to specific dimensions, and if it isn’t accurate, make it up-to-date. This robot should be in place when new contacts are being added to your data base. Speaking of which…
Robot 4 – Create new data
This robot is also tied to all of your systems, and will be used to create new data records. As of May 25th, you’ll need to be sure that new data is always entered in compliantly during customer onboarding. Depending on your processes and internal systems, this could be as simple as accurately and compliantly entering data into your one CRM system, or as complex as making sure data is securely and accurately entered into dozens of CRM, billing, marketing, and other systems.
What will happen in the future?
As new cases and situations emerge, companies who work within the European Union (and courts) will work out all the as yet unknown details of GDPR. As these details emerge, robots can be reprogrammed or even added to deal with any new demands. Being set up with robots ready to take action (with no learning time) will let your company both eliminate error and continue to save time.
Download our RPA guide to learn more about RPA use cases, implementation, and more, or get in touch with us directly here to talk about how robots can help your company become and stay GDPR compliant.