Four percent of a company’s worldwide annual revenue or €20 million – whichever is higher. That’s how much any business based anywhere in the world could lose if it is found to use the data of Europeans in violation of the General Data Protection Regulation (GDPR), which goes into effect on May 25th. But while it’s tempting to think that those numbers are the reason businesses in Europe and around the world need to make compliance with the new regulation a major priority, there’s another number that tells the other half of the story: 99. That’s the number of articles that make up the GDPR – just a hint of the broad range of requirements it entails for companies covered by the law.
In addition to that breadth, the regulation is notable for the ways it will expand the responsibilities of businesses, for the number of countries in which it applies, and for the severity of the penalties for violators. And rather than applying only to companies based in the countries of the European Union, it will also regulate the behavior of any company that handles the personal information of EU citizens.
How will the GDPR impact these companies and people? The short answer is that it will increase the level of privacy guaranteed to individuals and the level of accountability demanded of companies regarding their use of personal information (including the steps they take to keep that information secure). A little more specifically, here are just a few of the law’s requirements:
- When asking for an individual’s permission to use their information, a company must make the consent process straightforward and make it easy for an individual to withdraw their consent.
- Should a company discover a breach that is likely to pose a risk to personal data that it has acquired, it must notify potentially affected individuals within 72 hours.
- Individuals must be allowed to find out whether a company is using their personal information – and, if so, where and how. They must also be allowed to obtain a copy of this personal information.
- Individuals must be able to move their personal information to another service provider and/or have it deleted promptly upon request, AKA the “Right to be Forgotten.”
- In order to store the personal information of children under 16 (or, in certain cases, under an age as low as 13), a company must obtain parental consent.
Exciting stuff, right? It is if you’re looking forward to having your personal information treated with greater care online. But for employees tasked with helping companies comply with these requirements, the new day-to-day tasks may be monotonous and repetitious.
The upside for their employers? Given these processes’ predictable and repetitive nature, many of them are good candidates for automation.
How Can RPA Help?
Because GDPR is (mostly) a series of rules, many of the processes that companies need to perform in order to comply with the law are rule-based, making it relatively easy to use robots to perform them faster than full-time employees can.
Additionally, the breadth of GDPR – combined with the huge number of consumers covered by the law – means that many companies will need to process vast amounts of information in order to comply. At the same time, efficiency and speed can make a world of difference for these businesses, both because they need to be fully prepared to follow the law by May 25 and because after that date they will constantly need to maintain their compliance.
But perhaps the most important reason RPA can be a promising solution for GDPR compliance is the high stakes of possible human errors. Given the volume of information that companies need to process and the speed with which they need to process it, there is a chance people could make simple mistakes. And with penalties for a business’s noncompliance that could reach four percent of its total annual revenue (or even higher), falling short could have powerful consequences.
How Does Kryon Address Key RPA Challenges?
Given those stakes, not all RPA solutions are necessarily the right match for all companies. If you’re looking to automate elements of your compliance work, it’s important to keep in mind both the challenges involved in implementing an RPA solution and the specific ways in which GDPR will affect your business. For many companies, Kryon’s flexibility, user-friendliness, and AI-based ability to process images and text make it a powerful tool for simplifying and streamlining time-consuming processes.
First, since compliance with GDPR can require a business to complete many rule-based processes, it’s important to be able to quickly and easily record these processes. Kryon addresses this challenge through its intuitive process-recording interface. Using Kryon Studio, it’s simple to perform a task and have it recorded automatically – even by employees without a technical background. Then, you can edit any recorded process anytime you want.
Second, in order to automate certain processes, you might need a robot to be able to “view” and interpret unique texts written by individuals. Kryon uses artificial intelligence to offer optical character recognition, image recognition, and natural language processing – enabling you to automate even these more complex tasks.
And third, because the ways GDPR will affect a company’s day-to-day operations vary based on the company, having a flexible solution is key. With attended, unattended, and hybrid solutions, Kryon allows you to automate tasks in the most efficient way for your business – whether on an employee’s computer, on a virtual machine, or using some combination. This way, you can fully automate those tasks that can be entirely handled by robots, while also allowing for more limited automation of tasks that still require some employee involvement. You can also integrate fully automated tasks (performed by unattended robots) with partially automated processes (performed by attended robots), maximizing your efficiency.
How can these robots help you streamline your compliance work? As an example, let’s say your company receives a message from an individual asking you to delete their personal data – a request on which the company will need to act quickly under GDPR. Rather than have your employees spend their valuable time processing this request (not to mention the potential for human error here), you can have a Kryon unattended robot take the following steps:
- Monitor the inbox, web form, or whatever channel the erasure requests come through, and determine that there is a request to delete personal data.
- Send an email to the person requesting their data be deleted, letting them know you have received their request.
- Verify that the individual requesting the deletion is the person they claim to be, based on information they have provided.
- Alert the appropriate team members, in case completing this request could be harmful.
- Delete the data, even if it’s stored across multiple systems and even if it’s password-protected.
- Notify the individual who made the request that their data has been deleted, and then update your compliance team.
Getting Ready for May 25
Compliance with GDPR is critical for many businesses, but it is not simple. The law’s breadth and the huge number of individuals protected by the law promise to keep countless companies in Europe and around the world busy these next few weeks, especially because failure can be so expensive.
Given these challenges, RPA offers companies a more efficient path to compliance. And with Kryon’s solutions, you can quickly and easily automate a wide variety of rule-based tasks to fulfill your legal requirements, even using AI to interpret and process unstructured information provided by individuals. You can choose the optimal combination of attended and unattended robots available for your business’s needs, and – perhaps most importantly – you can count on Kryon’s robots to prevent potentially costly human errors.
This way, despite the challenges that many companies are likely to face this spring, you can rest easy – knowing your business is well prepared to navigate the business and regulatory environment of the age of GDPR.
For further information & resources:
Home of GPDR: https://www.eugdpr.org/
To find out more about how Kryon can help your business prepare for GDPR contact us today.