Beyond the GDPR
Why GDPR readiness must be a constant focus.
The General Data Protection Regulation (the “GDPR”), a European legislative act that takes Data Protection compliance to a whole new level, came into force on 25 May. In this blog post, Internal Audit Manager Marie O’Connell and Senior Business Analyst Carol Butler discuss how the GDPR provides an additional level of compliance at Abtran and why GDPR readiness must be a constant focus.
“The GDPR represents more than just a deadline; it’s about instilling a continuous programme of compliance readiness, one that’s future focused and reaches every part of the organisation,” says Marie. “It’s about setting even higher Data Protection standards and giving individuals more control over their personal data which in turn creates greater responsibility on the part of Data Controllers as well as Data Processors.
At Abtran, we have a deep heritage of working with organisations that are highly regulated so Data Protection has always been a strong focus. Our existing Quality Management System (QMS) which is supported by our Certifications in PCI-DSS, ISO 9001 and ISO 27001 means we continuously operate to very high standards.
Like the ISO 9001 and 27001, the GDPR requires ownership, accountability and a constant focus on the individual’s rights together with an onus on the organisation to continuously review and improve controls set in place to protect personal information. At Abtran, it’s also about incorporating privacy by design into everything we do that relates to personal data from very early on in the service life-cycle whether that’s from a People, Process or Technology perspective. The introduction of GDPR mandates a higher level of Data Protection compliance across all organisations. At Abtran, it has instilled an even stronger focus on the Customer and the protection of personal data right across the day-to-day running of the business.
Accountability Across Every Level
Looking back, Abtran’s GDPR readiness programme was never about one individual or centralised department. To be effective, it had to reach everyone. As a BPO, we worked closely in partnership with our clients to ensure we were aligned and ready to meet our new obligations as a Data Processor. As a Data Controller, it was about connecting with every function across the business, to ensure everyone was fully educated and compliant around the new GDPR standards for handling personal data. As well as placing GDPR specialists and programme champions into each Operation and Business Area, our IT, Project Management and HR Teams were heavily involved as well as our Senior Leadership Team, who took a very proactive and hands-on leadership role right throughout the programme.”
Bringing the GDPR to Life
Carol Butler, who has spent the past year driving Abtran’s GDPR Education and Awareness programme, agrees: “Communication across the business and with our clients was absolutely central to Abtran’s GDPR readiness programme. As a Data Processor as well as Data Controller, everyone at Abtran deals with personal data so training and upskilling was a mandatory requirement for everyone in the company.
Abtran’s Digital ‘MyLearning’ platform made it possible to custom build a training programme that brought the practicalities of the GDPR to life in an engaging and meaningful way that was very relevant to our industry. It was about giving People real world examples that they might come across every day.”
Top of Mind
Other ongoing measures implemented by Carol included continuous updates via the Abtran intranet as well as company-wide emails: “It was important that GDPR remained top of mind right throughout the Programme. Communications went out weekly and then daily in the run up to the GDPR coming into force. The Business Intelligence behind the ‘MyLearning’ system also made it easy to monitor the number of courses completed and to continuously track FAQs which ensured training and communication material was consistently updated in a relevant and responsive way.”
Remaining Ready and Future-Focused
“As the GDPR is a new European legislative act, it’s important to remain constantly abreast and future-focused,” continues Carol. “For instance, a new Data Protection Act 2018 was signed into law in May of this year and gives further effect to the GDPR, setting out Ireland’s position on matters which the GDPR left to the discretion of individual Member States. We’re keeping a very close watch on the Data Protection Commission and the European Data Protection Board, for further news or new developments that need to be relayed straight back to the business.
While the GDPR is now in full force and effect, the work to ensure ongoing GDPR Compliance is a constant process. As Marie mentioned, remaining future-focused is about continuously embedding GDPR standards, controls and practices into the day-to-day or BAU of the business. It has instilled an even stronger focus on Data Protection compliance while becoming a ‘Modus Operandi’ for the way we handle personal data every day. New People joining Abtran are required to undergo GDPR and Data Protection training as a mandatory module, while refresher training and continuous business updates across the organisation ensure GDPR Compliance remains fresh and top of mind. Additionally, we continue to work closely in partnership with our clients, who remain strongly focused around the whole area of GDPR and Data Protection legislation.”
Beyond the GDPR
For both Carol and Marie, the GDPR not only represents an opportunity; it represents a new era – one that’s about being even more data protection compliant and more data aware; one that instils an even stronger focus on the Customer and the protection of personal data; one that transcends geographic borders and connects people and industry as a whole.