The numbers are staggering. Since 2005, more than 1 billion consumer records have been breached in 7,800 separate instances. Equifax, Target, and Neiman Marcus were the most prominent in 2017.
Gartner blogger and analyst Avivah Litan predicts that the stolen information may be: 1) sold and resold underground; 2) used to update existing identity records; 3) used to take over existing bank accounts, brokerage accounts, and phone service accounts; and 4) used by adversarial nation states to disrupt or steal from U.S.
All these have very serious consequences for individuals affected and the overall society, and the damages are very hard to quantify. That’s where the General Data Protection Regulation (GDPR) steps in to protect the rights of consumers by providing them with more control over who has access to their personal information and hold corporations accountable for how they collect and process information.
The GDPR (EU) 2016/679 is a regulation on data protection and privacy for all individuals within the European Union. It is the latest in the series of regulations to formalize governance around security; PCI, FISMA, FCPA, HIPAA and other more formal standards precede it. Besides strengthening consumer rights, the GDPR begins to formalize security standards that companies must put in place to protect consumer data.
All European organizations, as well as non-European organizations collecting data pertaining to EU citizens, are expected to be GDPR-compliant. The new GDPR guidelines regulate the processing, storage, usage, and deletion of personal data. In line with the GDPR, data subjects must be given access to their own personal data, as well as real-time information about its use, upon request. Any breach that compromises an individual’s personal data must be reported to the appropriate supervisory authority.
The GDPR requires that enterprises take significant measures to protect consumer information. All enterprise software vendors are re-evaluating how they store and manage sensitive data. As the leading Robotic Process Automation platform, Automation Anywhere provides the most comprehensive set of security features in the industry, including:
Robotic Process Automation (RPA) platforms touch many enterprise resource planning (ERP) tools and a massive amount of data in your organization. If you are using or considering RPA platforms, follow up regarding the security controls for GDPR environments with your vendor.
If you are currently relying on manual processing to handle customer data, any human errors could affect your company’s compliance. Regardless of how careful you are, there is always room for error, and your company is never entirely safe from non-compliance. RPA helps you automate the processes defined by your legal and business teams to be GDPR-compliant. Here are some ways Automation Anywhere customers are using bots to help them with compliance:
With all the data collected from sensors, Internet of Things (IoT) devices, and office systems, an organization must be able to document all the data it holds, where it came from, and how it uses that data. Organizations must always be able to submit up-to-date reports to the data protection authority. When it comes to personal data, the GDPR requires companies to purge it once the defined holding period has been reached.
Here’s where RPA can help. Bots are employed to automate the process of masking personally identifiable information (PII) data across applications. Natural language processing (NLP) enables bots to recognize PII data that does not meet an established policy and generate alerts to intercept the issue.
Under GDPR regulations, European customers can request to receive insights about how their personal data is used and stored within an organization. Done manually, this would require a team of people to navigate through all the company’s relevant documents to gather this information. Bots can automatically navigate through different systems, pull the relevant data and email a report back to the consumer.
Under GDPR regulations, individuals have the right to have their personal information deleted promptly upon request. Without process automation in place, this requirement alone will require the IT staff to manually access and delete data from an average of fifty different applications. Bots can be orchestrated to delete customer information as soon as a request is received and validated.
The GDPR mandates that in the event of a data breach, those affected need to be informed within 72 hours of the event. In the case of large breaches, such as with Equifax, where 143 million people were involved, notifying all the parties within 72 hours can be an enormous challenge. It is easy to orchestrate software robots to perform the job to ensure that the procedure is handled within the mandated time frame.
Enterprise RPA platforms are equipped with audit logs that monitor all operational processes, logging users and events at every stage of the process. In the event of a data breach, audit logs enable rapid root cause analysis, providing timely forensic analysis to identify and report a breach. Content relevant to a specific internal or external event can be aggregated in real time. This is especially useful if an organization needs to investigate fraudulent activity.
Hidden data is tucked away in legacy systems that are more than a decade old. While data might be accessed from this system from time to time, it’s now more important than ever to uncover customer data that is lurking in the shadows. RPA is the easiest way to integrate these legacy systems with your current technology platforms, and document available data that may cause you to be non-compliant.
As companies dissect and understand the regulation, there are fears that the GDPR’s enhanced rights of data subject could prompt a flood of requests that result in costly administration. Responses to GDPR requests are likely to be limited to a small number of clearly defined processes — making it a perfect platform for RPA.
The Automation Anywhere RPA platform improves control and oversight, as well as reduces costs and effort in implementing different aspects of the GDPR and other data standards that are expected to follow. With RPA, GDPR compliance becomes a non-issue.
REQUEST A LIVE DEMO
A growth-focused product marketer, Ritu Kapoor serves as the senior director of product marketing at Automation Anywhere. She enjoys launching new products and evangelizing innovations in the RPA space.