26 October 2017 | News | Platina LS, X-Docs, Life Science, Private Sector

GDPR: Much ado about nothing, or time to get your house in order?

In response to increasing uncertainty in both our customer community and the wider life science sector, the team at Formpipe Life Science recently set out to set the record straight on GDPR.

Kicking off with an interactive presentation led by Colin Swift, Product Owner, the first in a series of planned webinars on the topic gave the 20+ online delegates a concise overview of GDPR, the operational challenges the new legislation will present, and the opportunity to adopt GDPR compliance best practice with minimal risk and investment.

For those of you unfamiliar with GDPR, or the General Data Protection Regulation to give it its proper name, here are some fast facts on the pending legislation:

  • GDPR is being introduced to harmonise data protection law across the EU. It has already been adopted (it entered into force in May 2016); the transition period ends on 25 May 2018, when its rules, and the fines for failing to abide by them, become enforceable.
  • GDPR applies to any organisation that controls or processes personal data and is established in the EU, and to organisations outside the EU that offer goods or services to, or monitor the behaviour of, individuals located in the EU. What matters is where the data subjects are, not their nationality.
  • A personal data breach can result from an external cyber attack or from poor internal practice; both are breaches in the eyes of the regulator.
  • Fines are up to €20m or 4 per cent of worldwide annual turnover, whichever is higher.
  • High-profile enforcement cases have already been published in the UK by the Information Commissioner's Office (ICO).

Theoretical discussion only adds so much value, so it is important to bring GDPR to life by looking at recent examples of how a failure to manage stakeholder data appropriately has resulted in serious repercussions for several businesses. These cautionary tales were discussed as part of the webinar to provide context: examples of seemingly innocent behaviours, common in many organisations, that regulators have already penalised.

First up was Flybe. The firm sent 70,000 emails to people who had clearly expressed a wish not to be contacted by the company. The fine? A whopping £70,000. Next up, Honda: the company sent 289,000 marketing emails to existing customers without valid consent and was hit with a £13,000 fine. The third and final example was the supermarket giant Morrisons, which was fined £10,500 for unlawful marketing emails. Note that all three penalties were issued by the ICO under the UK's existing rules (the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations), where the maximum fine is £500,000; under GDPR the same behaviours carry a far higher ceiling.

Once the horror stories were out of the way, it was time to take the bull by the horns, set the scene and provide a best-practice blueprint for safeguarding GDPR compliance. This involved imaginary characters and scenarios, so please bear with us!

The 1st meeting – This Thing Called GDPR  

Gillian Green attends a weekly management meeting where the General Data Protection Regulation (GDPR) is an agenda item.

In the meeting, Legal presents some disturbing GDPR facts:

  • Under the GDPR, the Data Controller will be under a legal obligation to notify the Supervisory Authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it
  • Fines are up to €20m or 4% of worldwide annual turnover, whichever is higher
  • Last year's ICO fines would have been 79 times higher under the new GDPR structure
  • It takes effect on 25 May 2018

Compliance to GDPR is now on the corporate risk register and needs to be managed!

After the 1st meeting… The Investigation

Knowing the "when", it is agreed that Oliver Orange, IT Manager, will investigate:

  • Which areas of the business will be affected
  • Which systems and data need to be considered
  • How the new regulation can be met on a day-to-day basis
  • Which system and process changes are required to comply

The 2nd meeting – The Bad News

Oliver Orange reports back that:

  • The legacy HR IT system is not compliant: the 'Right to be Forgotten' (right to erasure) and Data Portability provisions of GDPR cannot be met
  • An initial estimate for replacing the HR system is £3M, and the replacement could not be implemented in time for GDPR (no budget and too late)
  • In addition, there are files on HR shared drives that hold relevant personal data and need to be managed in a controlled manner

After the 2nd Meeting… The Remediation Planning

  • It is agreed that something needs to be done and the data needs to be controlled and quarantined, so it can be demonstrated that actions have been taken and an effort to comply has been made
  • With this in mind, the following options are to be considered:
  1. Migrating the data into the new HR system
  2. Developing an in-house archive
  3. Finding tools to support GDPR compliance

The 3rd Meeting… The Better News

Each of the three options was investigated, with the following results:

  1. Migrating the data into a new HR system: this option is deemed too risky given the remaining timescale, and it only fixes the known HR data issues
  2. Developing an in-house archive: spare capacity does not exist in-house, and the timescale makes this option too risky
  3. Finding tools to support GDPR compliance: several vendors were considered and Formpipe was selected as the preferred vendor to provide an Electronic Archive to hold legacy GDPR-related data

After the 3rd Meeting… The Remediation Process

It is agreed that the Formpipe solution will be employed, and a project manager, Claire Coffee, is assigned to manage the implementation.

1.) The shared drive files are targeted as a quick win and these files are ingested into Long Term Archive (LTA) using Formpipe's Lasernet input/output management tool

2.) With the GDPR compliance risk mitigated, it is decided to retire the legacy HR system within 12 months, which will save support costs for both the application and the legacy hardware it runs on

Ultimately, we came to the conclusion that there is no magic bullet for GDPR compliance. Technology alone isn’t capable of creating a totally risk-free set of processes for managing the associated compliance demands GDPR will bring. What it can do though is play a vital role in helping organisations, regardless of their size or perceived complexities, take more control of the data they manage and significantly reduce the risk of compliance failure, while reducing dependency on outdated, costly legacy systems. Organisational buy-in is also vital, as are robust internal processes and continuous monitoring of behaviours.

GDPR is by no means much ado about nothing or reason to panic but its significance shouldn’t be underestimated either.


For an informal chat about how Formpipe technology can help your organisation get its house in order, and get and stay compliant, contact Ben.Saxton@Formpipe.com or read more about Long-Term Archive, Platina LS, X-docs and Adoxa.