Mid-market Financial Services (FS) firms can now benefit from a fast, intelligent and effective solution to achieving GDPR compliance, thanks to the new GDPR EXPRESS from new generation GRC solution provider OXIAL.
With the deadline for the EU’s General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, the GDPR EXPRESS solution uses an automated digital compliance approach to offer 100% GDPR compliance. Live and operational in less than 90 days, the new solution is based on OXIAL’s years of experience in risk management, IT security and compliance and reflects the urgency for mid-market FS firms to begin getting GDPR-ready.
“GDPR is the most significant change to data protection law in the EU for a generation and the penalties for failure to comply could be catastrophic for some organisations,” said Eric Berdeaux, CEO, OXIAL. “For bigger firms with compliance teams and the resources to allocate sufficient time to GDPR, there should be few problems getting GDPR-ready, but for mid-market organisations it is a different matter altogether. Our GDPR EXPRESS solution removes the burden of GDPR for such businesses, by using a digitised approach to ensure every requirement for GDPR compliance is met.”
Compliance is a business function in many organisations that is yet to be significantly altered by digitisation, and OXIAL has placed digital at the heart of its new GDPR EXPRESS solution. It comes with a number of powerful features to help address GDPR, from an initial step-by-step project plan to reporting mechanisms for the regulator and senior management.
The GDPR EXPRESS solution encourages compliance to be treated as a continuous process, advised and supported by external experts who will allow an organisation to drive GDPR more efficiently and to reach the desired results from a compliance perspective.
Approaching GDPR in this way, supported by automation of processes to ensure nothing falls through the cracks, means an organisation knows exactly how GDPR relates to its business and data, and is able to assess what it must change in order to be compliant and gauge where the priorities and responsibilities lie.
“A major challenge for mid-sized firms is the sheer volume of data that must be accounted for,” continued Eric Berdeaux. “Data is stored all over an organisation - how do you find it, how do you manage and protect it and how do you ensure it is GDPR compliant? Without the know-how, time and experience of compliance teams in bigger firms, answering these questions is a significant problem and one with enormous consequences should an organisation not be able to do so.”
There is also an important security element to GDPR, with enormous volumes of data to keep secure. OXIAL has partnered with cyber security provider Global Data Sentinel (GDS) to keep GDPR data safe. GDS is a cross-domain, zero-knowledge system, so all data within a network or cloud is stored encrypted, meaning even IT personnel cannot see it. GDS resides seamlessly inside an organisation’s existing network, securing data from the get-go, without requiring any additional infrastructure investments.
Every organisation - irrespective of where in the world they are located - must comply with GDPR if they hold or collect data on European citizens. To ensure compliance, organisations must keep records that show data is stored and used in the right way. Failure to comply will result in fines of up to €20,000,000 or 4% of an organisation’s annual global turnover, whichever is greater.
“Compliance does not begin and end on a fixed date and 25 May 2018 is certainly not the end of GDPR,” said Eric Berdeaux. “Compliance is an on-going process and should be managed as such, including compliance around GDPR. That’s what we are aiming for with our GDPR EXPRESS solution and we believe it can be a game-changer for mid-market firms that are struggling with GDPR requirements.”