
THE POTENTIALLY CATASTROPHIC EFFECT OF GDPR ON CLOUD MIGRATION – IF YOU HAVEN’T STARTED YET.

Dr Gavin Scruby, CIO, SmartDebit

Certain industries have significant restrictions on the way they process data. Some of the most common are defence, health, credit card and government. When these organisations process data, they have to comply with industry-specific regulations, which benefits us all. What some companies have not yet realised is that everyone now operates under a similar kind of regulation. This is of course the General Data Protection Regulation, most commonly referred to as GDPR, which now governs data protection across the EU. The UK government intends to write GDPR into UK law and stay largely parallel with the EU, so the caveats here will probably apply even in the case of a no-deal Brexit. While many people know that the GDPR affects how they should protect data, the breadth of impact on the data controller-processor relationship is often missed, and this can have catastrophic effects on business flexibility, and particularly on cloud migration.

Before getting into the consequences of this and how they could be managed, it’s worth looking at what controller and processors are, to see how they affect nearly everyone who offers a service over the internet. If you have a website and you integrate a card payment service, you are a data controller – you decide what data you collect from your customers (card details and postcode), why it is processed (to make a card payment) and who processes it (the card payment processing company). While you are the controller, the card company is your processor – it processes data from your customers to enable credit card payments to happen. This kind of relationship is more common than many people may think. In any situation where a company provides a personal-data processing service to another company, that service company becomes a processor. It could be an online CRM service, a bookings service, an online document storage service, even a paper document library (as GDPR applies to printed information too) – almost anything where the service provided stores or processes personal data for another organisation creates a controller-processor relationship.

The difficulty now is that GDPR puts a lot more restrictions on what a processor can do without the controller’s consent, largely because the controller now has many more obligations to check and control how data that it collects is used. This is only fair; if you are liable for data you’ve collected, you should have some say in what is done with it when you subcontract it to someone else.

A key restriction, and the one we consider here, is within the GDPR’s Article 28 Paragraph 2: “The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.”

The simple language interpretation of this is that as a processor, you can’t change your data subcontractors without explicit permission from your controllers (i.e. customers) – and that means all of them. This is difficult enough if you want to change standard suppliers, but the often neglected consequence is that it can also affect where you locate core data and whether you migrate to the cloud. Even if you rent rack space in a data centre (co-location hosting) and the data centre never “sees” unencrypted data, this is still classed as a sub-processor by the law. Consequently, any move to another data centre, or a migration to cloud, is considered a change in sub-processor, which therefore requires permission from all customers.

In practice, this could be extremely limiting. You would not want to attempt to arrange written authorisation from every customer when you want or need to move to the cloud. If nothing else, it could push back migration timescales by years. The most you would want to do is inform customers, with perhaps an early termination clause if they had a significant issue. This is not how contracts are being drafted, and not how the ICO recommends they are drafted. Standard clauses will be created by the EU or ICO in time, but these are not yet available. The ICO recommends contract terms of the form: before employing a sub-processor, the original processor must inform the controller and obtain its prior specific or general written authorisation. It is possible to draft contracts to contain general written authorisation or include clauses to allow early termination or assumed acceptance on non-response, but you’ll need professional legal advice to make these enforceable and legal such that they do not violate the GDPR.

The result of the introduction of the GDPR now means you need to do two things: firstly, make sure your own contracts are drafted to ensure maximum flexibility for you but in compliance with the law; and secondly, read sub-processor clause amendments made by customers very carefully. Here you need to discuss your specific circumstances with your legal advisors or industry body. If you just migrate to cloud without customer consent, you could fall foul of GDPR sub-processor limitations, and many more organisations and individuals are getting knowledgeable on their rights.

Don’t panic though. The GDPR has thrown up many situations like this and it is still very new, in case law terms. The GDPR is not intended to work in such a way as to stop dead industry-wide cloud adoption. Everyone is finding their way on these rules right now and the ICO seems to be taking a “carrot” rather than “stick” approach for those companies who are genuinely trying to improve data protection but still operate their businesses competitively. In time, consensus guidance will be developed, but until that time, we all have to be more careful about what we sign and even more careful about the contracts we write.


FIVE PITFALLS PROFESSIONAL SERVICES MUST OVERCOME DURING THE PANDEMIC

By Andy Campbell, global solution evangelist at FinancialForce

 

The pandemic’s impact on the global economy has been, and continues to be, one of the most severe in modern history. To put this into context, economists have already asserted that it has been three times more severe than the financial crisis of 2008, and we’re not out of the woods yet.

Even before the pandemic, businesses were navigating a wholly different landscape. The shift to a services economy, alongside the increased expectation for higher quality customer service and experience, was already piling on the pressure. Throw the pandemic, and the subsequent shift to remote working, into the mix, and the need to make changes – and fast – becomes even more explicit.

Much like the natural world, adaptation is key to businesses’ survival during periods of turmoil. Many services companies aimed to improve certain business functions and processes by beginning to adopt cloud-based systems, with a particular focus on the front-office. Although this is a positive development towards process optimisation, inefficiencies will remain until enterprises unite around one overarching cloud strategy.

Creating that strategy and employing it, particularly at pace, is not the simplest process, and there are common pitfalls that many businesses, especially global ones, are likely to encounter.

 

Outdated and error-prone processes

Operating at a global scale comes with its own unique challenges. Regional teams on the ground with their own local capabilities and knowledge are a benefit for multinationals, but a side-effect is that they often develop their own tactical, highly localised solutions. These run alongside those systems operating at a global level and cause friction.

This friction is most commonly seen between the delivery level, where quick fixes take place, and the global level, where greater consistency is needed. A disjointed approach to applications development leads to inefficient business processes, as well as centralised solutions that are rigid and difficult to maintain.

The business world turns at a rapid rate, and out of sync processes slow down a firm’s ability to respond to quick-fire changes. A fragmented systems architecture, for instance, impacts data quality, as well as its timeliness. Outdated and potentially incorrect data leads to delays and misinformed decision-making. Instead, a unified strategy is required to oversee the entire opportunity-through-delivery process and ensure decisions are based on accurate and timely data.

 

Front and back office – forever separate

Disparate systems, data sets and processes also lead to conflicts between the front and back office. Both offices are all too often siloed, preventing optimal visibility across the organisation throughout the sales-to-delivery process. As each is working with different datasets, in terms of both accuracy and detail, it can counteract the contributions made to business growth, and act as a barrier to the development of fresh new services.

By creating opportunities for an exchange of information between the front and back office, businesses can ensure that there is collaboration when comparing data between the two, enabling more opportunity for development and seamlessly tying the front and back office together.

 

Shortcomings in customer experience

Customer experience is further cementing itself as a key competitive differentiator in businesses across sectors. However, elevating customer experience calls for more than just using spreadsheets and custom software to manage the delivery process. These methods restrict the company’s flexibility when confronted with changes to the market or customers’ needs.

Maintaining agility in customer interactions is a crucial step towards success to ensure that they remain informed at any given time. By deploying a single system to oversee the whole opportunity-through-delivery process, an organisation is able to deliver cohesion and unity throughout the customer service.

 

Disorganisation in ongoing projects

The trifecta of remote working, complex projects and project managers with unique methods of monitoring progress, has resulted in a decrease in visibility into project status for many businesses. Subsequently, employees often end up using ‘side systems’ to complete tasks, which brings difficulties as these systems are not completely integrated into the global process.

The problems initially formed from a lack of clarity into projects soon manifest themselves in most areas of the organisation. For example, being unclear about when projects will be completed, or what resources will be needed and when, will eventually hinder the success of future projects. Misunderstandings surrounding available capacity can cause sales teams to over- or under-sell the sales quota, bringing additional problems for the delivery team.

The negative impact this can have on both resource utilisation and the effectiveness of project delivery is considerable. In order to optimise the delivery of both internal and external service projects, businesses should look to deploy robust platforms for management and automation that can organise workflows and create greater visibility.

 

Revenue leakage

Revenue leakage is often referred to as ‘the silent killer’ of businesses as, unless you’re looking for it, it can remain unnoticed until it’s too late. Disregarding the importance of looking for revenue leakage is a common error that needs to be rectified as it can occur at any time throughout the customer lifecycle and cause substantial damage.

Gaps may commonly appear between sold revenue and earned revenue that, at first, may not appear to be a major cause for concern, but can eventually result in significant revenue loss.

Causes of revenue leakage include problems with data entry and detached systems, to name just two. Organisations which lack a single system to oversee business functions such as planning, producing, and selling, are in danger of seeing revenue leakage.

To avoid these five faults, financial services organisations can benefit from using the right cloud solution to encourage collaboration between the front and back office, enabling them to balance real-time resource demand against resource capacity, forecast capacity long into the future, and more easily convert won opportunities into billable projects.

The past year has made it clear that increased flexibility and agility should be a priority for organisations to keep up with any unforeseen developments, no matter how unlikely they may seem.

 


HOW FINANCE TEAMS CAN UTILISE MODERN TECHNOLOGIES TO PREDICT AND MITIGATE RISK

Carol Lee, CFO of Wrike

 

There is no denying that the finance function plays an important role in every aspect of ‘doing business’. Although much of ensuring strong financial health, tracking revenue, and managing budgets will take place behind the scenes, all are key ingredients which, ultimately, determine whether a business is successful. This is even more relevant in today’s climate.

Thanks to the ongoing pandemic and resulting economic flux, each and every business has faced financial challenges in recent months. As revenues continue to falter, budgets are tighter than ever and profitability is essential.

Amid the economic uncertainty, CFOs and finance teams are set to play an important role in recovery efforts moving forward. Ensuring financial wealth and a solid revenue stream has never been more important. For many, it has also never been more difficult to achieve.

 

Real-time finance

The modern finance team needs to be about far more than month-end and retrospective quarterly reporting. The pandemic has highlighted how important this statement is, with sudden shifts in consumer demand for certain products and services driving drastic changes in revenue for many businesses. For example, at the beginning of the pandemic, many supermarkets will have seen their revenues increase, whilst restaurants and gyms witnessed significant dips following necessary closures.

In order to survive this time of turmoil, finance teams need to be able to quickly and efficiently adapt to these changes in customer behaviour. Planning projects that are expected to yield profit is no longer enough. Finance teams need to ensure that these projects maintain profitability throughout their lifecycle, controlling financials from the planning phase through client delivery. As such, tracking budget spend in real-time in order to keep margins positive and meet customer expectations is key.

Visibility needs to be front of mind, especially in our new remote working landscape, where face-to-face communication has had to take a backseat. The right performance metrics, delivered on time, can enable finance teams to track and obtain a deeper understanding of how projects and finance strategies are progressing and delivering against set objectives. They can help to determine stress points in the business and articulate events and triggers for certain financial actions to be taken.

When utilised alongside the right modern technologies, they can even help to save projects that aren’t delivering, flagging potential problems and recommending where adjustments should be made.

 

Predicting and mitigating risk

Whether it’s unforeseen additional costs, tight margins, or budget burn, these are the factors that can make or break the success of a project and, ultimately, a business. By using real-time insights, finance teams can play a pivotal role in keeping the entire organisation on track. In order to take this one step further and mitigate any potential risks before they wreak havoc, finance teams need to be able to predict and plan for a series of different outcomes. This is where modern technologies, such as artificial intelligence (AI) and machine learning (ML) can help.

Tools with these technologies can help finance teams to get one step ahead and tackle at-risk projects before they cause any issues. By identifying signals and patterns based on hundreds of factors – including past campaign results, work progress, organisation history and work complexity – they provide extremely timely diagnosis and help to minimise risk throughout the entire organisation. For each project, an automated risk assessment prediction will be issued. For both medium and high risk levels, the machine learning model will also provide a list of factors that could contribute to potential delays. The insights that these reports provide can help to save entire projects.

Once a finance team knows what the potential risk might be, they can turn their attention towards what is truly important – managing and mitigating it. This can be done by assessing a project’s ‘risk tolerance’. Put simply, how much risk can you allow before you need to act? This is an essential part of any project management process, helping finance professionals to decide on the most effective response and ensuring that resources are being used in the most effective way.

As organisations across every sector fight to get back on their feet post-pandemic, ensuring long-term profitability will be a key focus. Many businesses will turn to their finance teams to lead the charge and provide the solutions and recommendations which will ensure future economic survival. As such, having a plan in place to make sure that all projects stay on track and that any potential risks to the business are mitigated before they cause a problem needs to be a priority. By investing in modern technologies – such as AI and ML – today, finance teams are setting themselves up for success tomorrow, no matter what is around the corner.

 
