The General Data Protection Regulation (GDPR), which comes into force from May 2018 onwards, will change the business and regulatory environment in the European Union (EU) and beyond. GDPR places new demands on companies to have in place strict processes to collect, store, process and use personally identifiable data of EU citizens. The law offers individuals greater control over their own data, and strengthens data protection efforts across the region. Non-compliance can result in huge fines of up to 4% of a company’s global annual turnover or €20 million, whichever is higher.
As the compliance deadline approaches, all companies with customers in the EU are worried about aligning their systems and processes with the provisions within GDPR. While it may be a minor inconvenience in the short term, GDPR is geared to accelerate the digital transformation efforts of many companies. As data becomes a significant resource in the Internet of Things (IoT) economy, inbuilt checkpoints laid down by GDPR will go a long way to improving customer trust and loyalty, as well as enhancing business efficiency and paving the way for true digital transformation.
Service providers need to work with partners and suppliers who embrace the spirit of GDPR and view the regulation as an enabler of digital transformation. While there is no uniform approach towards GDPR implementation, it is important that vendors offer the necessary support required for GDPR compliance, and service providers need to develop a holistic action plan to comply with the new laws.
Cerillion has been at the forefront of discussions around GDPR, and our team of experts have ensured that our systems are aligned with the unique demands of the regulation. We do not see GDPR as a one-time project; instead we see it as a continued commitment towards the success of our clients.
Our customer management solutions help our clients to achieve GDPR compliance in the following ways:
- Consent management – Provides the ability to communicate clearly how customer data will be used and to obtain explicit opt-in consent for inclusion in marketing campaigns, including separate settings for email, phone, SMS and direct mail (post).
- Right to erasure – Provides a two-step authorisation process to manage the deletion of customer-related data, subject to retention where there is still a lawful basis for processing.
- Time-based archiving – Offers the ability to configure automatic time-based archiving of customer data when there is no longer a lawful basis for processing.
- Security – Comprehensive role-based access controls for system functions and customer data, as well as encryption of sensitive personal information and regular external security testing for online (internet-accessible) applications.
- Auditability – Comprehensive audit trails at application and database levels, including user id and date/time stamps.