GDPR is a fundamental shift in personal data ownership—and it’s not just Europe. Falling like dominos, the adoption of similar privacy legislation is spreading. A case in point is the recently adopted California Privacy Act. And Canada, Japan, and Australia are implementing comparable legislation or updating their privacy laws to mirror GDPR.
Although companies have had two years to prepare for GDPR, many remained in the dark about the impact of the new rules on their business until those rules took effect on May 25 of this year. Many chose to take a “wait and see” approach. “It hasn’t been a reality until now,” explained Jerrod Bailey, chief strategy officer for IntraEdge, maker of GDPR Edge, an enterprise compliance solution.
“We have companies that have come to us since the May 25th deadline and in some cases, they have received 10,000 requests in the first week. These companies were prepared for tens, a dozen requests. They weren’t prepared for 10,000.”
The punitive risks are substantial, with fines up to €20 million or 4 percent of annual global revenue, whichever is higher. Especially in the retail industry, the search is on for a path to meet at least the minimum GDPR regulatory requirements. One that is quick, with minimum disruption, won’t cost an arm and leg, and will deal with future changes in both the regulatory and system environments.
Giving Retailers the Edge on Compliance
In partnership with Intel®, IntraEdge built GDPR Edge—a unique solution designed specifically to address the requirements of the regulation. The system uses highly secure blockchain technology to protect data and enable compliance throughout multiple touchpoints, which can be especially important to retailers.
“One of the major areas where retailers are collecting data is at the point-of-sale,” explained Bailey. “A lot of retailers just don’t have any compliance solutions for point-of-sale. We have the ability to integrate about 98 percent of the point-of-sales systems out there.”
The company was able to help one online-only retailer automate compliance across all its brands in the EU. In eight weeks, the retailer had three primary and independent systems feeding diverse customer information into a single data lake. As consumers interact with the brand online and make purchases, transactions receive a unique tag, so they can be easily found. The process allows the retailer to demonstrate compliance with critical elements of the GDPR, with a minimal burden on operations and at a fraction of the cost of developing a custom solution.
Sometimes the system can be set up even faster. Some deployments have started processing access requests and deploying workflow management and reporting tools in less than a week and at a service cost of under $1,000 a month.
Centralized Data—Automated Process
At the core of the system are four key elements—a data lake, block chain ledger, customized portals, and APIs, as shown in Figure 1.
Figure 1. The GDPR Edge solution elements.
Data in the lake is protected by a blockchain ledger that maintains a forensically valuable history of all system activity. Data from interactions is transferred to the ledger, where all information is certified as un-tampered, and then to the data lake where all interaction records live. When a consumer request is made, a record is kept of the interaction activity. Read More
Editor’s Note: This post was originally published in August 2018 by insight.tech www.insight.tech.com