Connect with us

Business

THE POTENTIALLY CATASTROPHIC EFFECT OF GDPR ON CLOUD MIGRATION – IF YOU HAVEN’T STARTED YET.

Published

on

Dr Gavin Scruby,CIO,SmartDebit

Certain industries have significant restrictions on the way they process data. Some of the most common are defence, health, credit card and government. When these organisations process data, they have to comply with industry-specific regulations, which benefits us all. What some companies have not yet realised is that everyone now operates under a similar kind of regulation. This is of course the General Data Protection Regulation, most commonly referred to as GDPR, which now governs data protection across the EU. The UK government intends to write GDPR into UK law and stay largely parallel with the EU, so the caveats here will probably apply even in the case of a no-deal Brexit. While many people know that the GDPR affects how they should protect data, the breadth of impact on the data controller-processor relationship is often missed, and this can have catastrophic effects on business flexibility, and particularly on cloud migration.

Gavin Scruby

Before getting into the consequences of this and how they could be managed, it’s worth looking at what controller and processors are, to see how they affect nearly everyone who offers a service over the internet. If you have a website and you integrate a card payment service, you are a data controller – you decide what data you collect from your customers (card details and postcode), why it is processed (to make a card payment) and who processes it (the card payment processing company). While you are the controller, the card company is your processor – it processes data from your customers to enable credit card payments to happen. This kind of relationship is more common than many people may think. In any situation where a company provides a personal-data processing service to another company, that service company becomes a processor. It could be an online CRM service, a bookings service, an online document storage service, even a paper document library (as GDPR applies to printed information too) – almost anything where the service provided stores or processes personal data for another organisation creates a controller-processor relationship.

The difficulty now is that GDPR puts a lot more restrictions on what a processor can do without the controller’s consent, largely because the controller now has many more obligations to check and control how data that it collects is used. This is only fair; if you are liable for data you’ve collected, you should have some say in what is done with it when you subcontract it to someone else.

A key restriction, and the one we consider here, is within the GDPR’s Article 28 Paragraph 2: “The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.”

The simple language interpretation of this is that as a processor, you can’t change your data subcontractors without explicit permission from your controllers (i.e. customers) – and that means all of them. This is difficult enough if you want to change standard suppliers, but the often neglected consequence is that it can also affect where you locate core data and whether you migrate to the cloud. Even if you rent rack space in a data centre (co-location hosting) and the data centre never “sees” unencrypted data, this is still classed as a sub- processor by the law. Consequently, any move to another data centre, or a migration to cloud, is considered a change in sub-processor, which therefore requires permission from all customers.

In practice, this could be extremely limiting. You would not want to attempt to arrange written authorisation from every customer when you want or need to move to the cloud. If nothing else, it could push back migration timescales by years. The most you would want to do is inform customers, with perhaps an early termination clause if they had a significant issue. This is not how contracts are being drafted, and not how the ICO recommends they are drafted. Standard clauses will be created by the EU or ICO in time, but these are not yet available. The ICO recommends contract terms of the form: before employing a sub-processor, the original processor must inform the controller and obtain its prior specific or general written authorisation. It is possible to draft contracts to contain general written authorisation or include clauses to allow early termination or assumed acceptance on non-response, but you’ll need professional legal advice to make these enforceable and legal such that they do not violate the GDPR.

The result of the introduction of the GDPR now means you need to do two things: firstly, make sure your own contracts are drafted to ensure maximum flexibility for you but in compliance with the law; and secondly, read sub-processor clause amendments made by customers very carefully. Here you need to discuss your specific circumstances with your legal advisors or industry body. If you just migrate to cloud without customer consent, you could fall foul of GDPR sub-processor limitations, and many more organisations and individuals are getting knowledgeable on their rights.

Don’t panic though. The GDPR has thrown up many situations like this and it is still very new, in case law terms. The GDPR is not intended to work in such a way as to stop dead industry-wide cloud adoption. Everyone is finding their way on these rules right now and the ICO seems to be taking a “carrot” rather than “stick” approach for those companies who are genuinely trying to improve data protection but still operate their businesses competitively. In time, consensus guidance will be developed, but until that time, we all have to be more careful about what we sign and even more careful about the contracts we write.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Hidden channel costs: how to find and tackle them

Published

on

By Mark Wass, Strategic Sales Director, UK and North EMEA at CloudBlue 

 

Growth for businesses will always be a key objective. However, in this digital age, if it occurs too rapidly, it can often unearth cracks that harbor hidden costs and pre-existing efficiencies.

 When it comes to channel distribution, for the majority of partners, hidden costs are widespread. A lot of partners work with multiple channels and systems, and this can become complicated. It can also affect their ability to track information.  On average, 30%-40% of IT spending  in large enterprises is accountable to inefficiencies caused by shadow IT.

 There is no single root cause of hidden costs. An array of issues such as wasted resources, labour, time constraints, poor implementation oversights and maintenance issues are all contributors, and the cuts only get deeper as partners scale. Here are the ways service providers can eliminate hidden costs.

 

Where to look for hidden costs 

 In general, unaccounted, or unattributed costs originate from four areas, with the first being shadow IT.

 Shadow IT is the use of systems, devices, software, applications, or services without explicit IT department approval. The phenomenon has grown in recent years due to the adoption of cloud-based applications and services, with the average company using 30% more unique SaaS (Software-as-a-Service) apps than they were in 2018. Thanks to the ease of adding new software, departments are going it alone and buying platforms that can be niche, or duplicate processes, and even in some cases using multiple versions of chat apps to communicate internally. 

Mark Wass

The next hidden cost stems from implementation and integration. Channel partners need to work within different systems, and almost always underestimate the budget needed to work with new software solutions. A consistent blind spot across the industry is the inconsistency of implementation and integration at budget.   

In terms of maintenance, it is especially difficult when partners create homegrown software to handle provisioning, relationship management, or data management. While such proprietary software might perform well for initial purposes, maintenance and upgrades can be a nightmare. Likewise, internal knowledge transfer in this situation is crucial.  

And finally, the scalability of expanding from one market to the next is not linear and neither is the cost. Partners that have already launched in one part of the world often think that it will cost around the same to expand into another region, like between the US and Europe. However, this thinking does not consider the additional effort to contend with the new currency, language, audience, and regulation, as well as local operations within the region.  

 

Tackling hidden costs  

The good news is that there are multiple remedies to hidden costs. Integrations, for example, successfully bring together disparate systems and improve efficiency. Partners that have manual processes and pull information from one system before typing it into another are wasting time and resources by dedicating an entire person to this process. Clearly, this should be automated to cut down on human errors and save in the long run. 

Along with integrations, partners should purchase software with scalability and unification at heart. There is no magic platform that does everything entirely so companies should opt for the best of breed, even if the initial investment is a bit more. This will help to offset the concerns of scalability, maintenance, lack of expertise, and potential unforeseen overheads. Moreover, best-in-class platforms help to paint a consistent long-term picture of the health of channel operations. 

For channel health, it is also integral to integrate outside experts to perform an overall business diagnostic. These can be consultants, solution architects, and those alike that know channel software and best industry practices to help architect a scalable and efficient platform. Working in conjunction with the team, these objective outsiders work to find the gaps and tighten any software screws. 

 

Helping the channel by combating inefficiencies

Hidden costs can become widespread, and this can lead to channel partners paying up to twice the price for half the output.

 More than the financial downside, though, hidden costs should be thought of as hidden inefficiencies. Especially in today’s accelerated digital transformation, inefficiencies can make or break fast-growing channel operations. Therefore, weeding out hidden costs with improved efficiencies can work wonders by saving budget and running a tighter ship. 

 Integrated software and platforms can then be used for change. By unifying and standardising existing systems, managers receive a single view of contracts, reporting, sales, marketing, and day-to-day operations. This  provides them with the right tools to achieve sustainable growth. Rather than overwhelming teams with several types of platforms and software, this single operational view allows for the much-needed oversight that is necessary to set a business up for success. 

 It is essential for channel partners to seize the moment and eliminate the perils of hidden costs, especially given the rapid growth of businesses in the digital and cloud spaces.

 

Continue Reading

Business

Automation nation: Liberating workers from desks, data entry and the doldrums

Published

on

By

Gert-Jan Wijman, VP of EMEA at Celigo.

 

Just when businesses thought the tough times were over, even more challenges ensued. While still recovering from the financial effects of the pandemic, companies were hit with an economic downturn that’s now resulted in a recession in the UK.

In this economic context, teams are being forced to do more with less. This means onboarding with reduced manpower, delivering ground-breaking marketing campaigns with less budget and mitigating outlay in the middle of a cost-of-living crisis. Being nimble and streamlining operations has never been more imperative.

That’s where automation comes in. While automating before the recession would’ve been the ideal scenario, it’s never too late to get ahead of competitors. It’s only a matter of when – not if – automation becomes standardised, as businesses insistent on using legacy tech and manual processes will be outpaced by those savvy enough to embrace smarter alternatives. In fact, it’s predicted that in just two short years, 70% of large global enterprises will have over 70 hyperautomation initiatives.

For finance teams and the tech-strapped CFO in particular, automation can be a saving grace. Tech stacks are more complex than ever due to the proliferation of specialised finance SaaS applications for quote to cash, Accounts Receivable & Accounts Payable (AR / AP), cash management, tax, accounting close and corporate performance management. Having the tools to automate these processes enables modern CFOs to adapt to changing tech needs, scale quickly and future-proof their organisations.

Automating today to prepare for tomorrow

Too often, automation is viewed as a job killer. We’ve all heard the apocalyptic narratives about ‘robots taking over,’ but that’s an outdated notion. Instead, automation is a job enhancer. Not only does it minimise errors, speed up processes and help businesses cut down on admin, it liberates employees to dedicate their time to be more creative or perform complex tasks.

Take a company like WeTransfer, for example. Bogged down by manual processes, the team struggled with closing financial books and completing billing cycles on time. After integrating its tech stack, quote-to-cash automation worked immediately and the time to close reduced dramatically, significantly reducing the hours dedicated to manual data entry.

Its revenue accountant was then able to work on core tasks in the finance department and alongside sales operations on the process improvements, no longer worrying about completeness issues associated with the sales and financial systems integrations.

Not only that, it liberated employees physically and unlocked access to more valuable talents. Beneath all the technical and monetary benefits, these are the core principles behind why automation will soon become impossible for firms to ignore.

Physical Liberation

Hybrid work has been one of the biggest positive developments driven by the pandemic. However, while employees surely won’t miss long commute times or the constraints of office life, a disparate workforce comes with challenges. It’s vital that organisations can trust their data and business processes in order for effective collaboration to be possible.

Automation can enable this, as it allows cloud-based systems to share data across a business through integration, ensuring all workers have access to the resources they need to work together effectively wherever they are.

This makes businesses nimble, able to operate across multiple locations when needed and well equipped to decouple entirely from headquarters if needed. Workers can then be as effective from home as from the office, ensuring they can maintain a better work-life balance without compromising productivity.

It’s no wonder then that 78% of organisations worldwide think remote working will increase the proportion of their workforce using automation, while over two-thirds (71%) that have already implemented automation are beginning to feel the benefits.

Liberating Talent

Automation also ensures talent is no longer wasted on manual tasks. 3 in 5 (60%) occupations could technically automate more than 30% of their tasks, highlighting the bevy of possibilities and offering a glimpse at the future of work.

When workers spend their time crunching numbers and organising spreadsheets, it’s easy for them to feel like a cog in a machine. With automation, however, they have more room to share their ideas and feel connected to the operations of the business.

With menial tasks taken out of their hands, employees are freed up to perform more complicated and creative jobs, the sorts of work that could never be automated. And by filling workers’ days with more of these engaging responsibilities, they’re able to feel like they have a real stake in the company’s success.

There is also research to suggest that workers can get as many as 100 hours a year back as a result of their manual tasks being automated, meaning everyone could get an extra two weeks of paid leave without productivity taking a hit.

Automating into the future

Already, over 80% of organisations self-report increased or continued investment into hyperautomation initiatives. So the appetite is there, now comes making it a reality.

Automation at scale is the dream, but the transition won’t happen overnight. In a perfect world, organisations will be able to assign all manual and tedious tasks to the machines, with employees only needing to provide oversight when necessary, but there’s a journey to get there.

That’s why it’s critical that CFOs collaborate closely with their CIOs. Only then can we realise a scenario where manual processes are eliminated entirely, and data across systems can be accessed and updated in real-time. But this will require leaders to understand each other’s needs and challenges so they can align their visions.

As organisations become more disparate, this partnership will only grow in importance. CIOs can empower the CFO and their teams to implement the automation initiatives best for them, with IT maintaining oversight to ensure compliance.

With the right structure and mindset, CFOs and the entire C-Suite can be encouraged to pursue digital transformation in a way that’s most effective for them and the entire organization.

Continue Reading

Magazine

Trending

Business4 hours ago

Hidden channel costs: how to find and tackle them

By Mark Wass, Strategic Sales Director, UK and North EMEA at CloudBlue     Growth for businesses will always be a...

Finance10 hours ago

Is your business ready for finance automation?

Mari-Frances Bentvelzen, Business Head and General Manager of Global SMB at SAP Concur   As managers continue to drive their...

Top 1010 hours ago

The power of a proactive customer service

By Delia Pedersoli, COO, MultiPay   2023 is shaping up to be another challenging period for B2C businesses. While the...

Business10 hours ago

Automation nation: Liberating workers from desks, data entry and the doldrums

Gert-Jan Wijman, VP of EMEA at Celigo.   Just when businesses thought the tough times were over, even more challenges...

News10 hours ago

Protean and Fino Payments Bank tie-up to expand PAN card issuance services in India

Fino Payments Bank has tied up with Protean eGov Technologies (formerly NSDL e-Governance Infrastructure Limited), a market leader in universal,...

Business18 hours ago

What is the True Cost of SMS Phishing?

Gemma Staite, Threat Analytics Lead   Cybercriminals will recycle attack strategies for as long as they are effective. In Fraud...

Technology1 day ago

Digital Asset Management (DAM) To Transform Enterprise Brand Management

Alexander Rich, Co-founder and CEO – Desygner    Rapid digital transformation fuelled by the pandemic has undoubtedly proven beneficial to...

Finance1 day ago

Cost of living: How to identify vulnerable customers

Ellie Engley is account director at REaD Group   In the current climate, the cost of living crisis is a...

Banking1 day ago

Is traditional business banking the best option for SME finance squeezes?

Airto Vienola, CEO, AREX Markets  The pressures facing business and personal finances alike have been well documented. Stories are now starting...

Business1 day ago

Breaking down communications silos to streamline the customer experience

Dave Tidwell, Head of Technical Pre-sales, DigitalWell   The pandemic has, without doubt, moved the goalposts when it comes to...

Business1 day ago

How growth can be a big challenge when a business becomes multiple entities

By Paul Sparkes, Commercial Director of award-winning accounting software developer, iplicit. Organisations don’t just grow in size – they also...

Wealth Management1 day ago

Keeping Cyber Insurance Premiums Down with Deep Observability

By Mark Coates, VP EMEA, Gigamon There is no doubt that the cyber insurance industry has experienced something of an...

Business1 day ago

When it comes to innovation, ignore your CEO and listen to your customer

 By Alex Hammond, Partner, Airwalk   At its core, the 2008 financial crisis was a result of banks incorrectly managing...

Business1 day ago

Netflix-style ransomware makes your organisation’s data the prize in a dark subscription economy

By John Davis, UK & Ireland Director, SANS Institute. Today’s subscription economy makes accessing nearly any service as easy as hitting enter....

Banking1 day ago

BANKING FOR BETTER 

By Alex Kwiatkowski, Director of Global Financial Services, SAS. From shifting market dynamics and mounting geopolitical tensions, to skyrocketing cyber threats...

Banking1 day ago

Why traditional banks need to embrace the agility of fintech competitors

Paul Higgins, EMEA Banking Lead, Mendix   Tech has long played a role in the finance space. The legacy applications running...

Technology1 day ago

SaaS Procurement’s Silver Bullet – How Automation is Changing the Game

Sven Lackinger, Co-Founder, Sastrify   Sven Lackinger is Co-Founder at Sastrify, the digital procurement platform for Software-as-a-Service products. Founded in...

News1 day ago

Tata Motors partners with IndusInd Bank to offer exclusive Electric Vehicle Dealer Financing

Key Highlights:   One-of-its kind Electric Vehicle Inventory Financing program for Tata Motors’ dealers  Limits extended towards EVs will be over...

Finance1 day ago

astrantiaPay Selects SaaScada to Enrich Swiss Landscape of Business Payments and Fill Market Gap

Swiss financial firm, astrantiaPay, to use SaaScada’s cloud-native core banking engine to simplify cross-border payments for SMEs and facilitate international...

Business2 days ago

How Big Data is Transforming Bilateral Trading

By Stuart Smith, Co-Head Business Development – Data & Risk at Acadia   Since its inception, Big Data has been...

Trending