Skip to content. | Skip to navigation

Personal tools
Sections
You are here: Home Focus Why Legacy Data Systems Are Inadequate Under GDPR

Why Legacy Data Systems Are Inadequate Under GDPR

18 May 2018, 11:51 CET

Before the widespread adoption of cloud-based data management systems, most companies relied on in-house processes, either privately developed or using closed software. These systems were sufficient to the time, but for those businesses still relying on legacy data systems, the time has come to make a change.

With the launch of the new General Data Protection Regulation (GDPR), businesses need to comply with more stringent documentation and protection rules – and legacy systems just can't meet those standards.

GDPR Details

Starting May 25, 2018, all EU companies, as well as international businesses handling EU-based data, must comply with the GDPR regulations, but existing data presents certain problems. Do companies need to acquire new authorizations and permissions or get rid of old data? As per the Information Commissioner's Office and their draft Guidance on Consent, that may be the case. In short: meet the guidelines or ditch the data.

A Show of Security

One key element of the GDPR is that businesses need to demonstrate that they're in compliance, not just do the work behind the scenes. In many cases, that means being forthright with customers and finding ways to work together, issuing appropriate privacy notices, and maintaining records on all data processing activities.

Ultimately, these increased security practices aim to provide citizens with greater protection against data breaches. Now, businesses will be required to notify customers of data breaches within 72 hours. And that means, in addition to enhanced data collection and processing practices, businesses need better security systems to reduce the likelihood of data breaches altogether.

Shifting Gears

As businesses ditch legacy data systems, they'll obviously need to adopt new processes and programs – at every level. Greater email security using end-to-end encryption, revocable messaging, and data audits, for example, provide both businesses and their clients with greater control over email content.

From a development perspective, GDPR will also impact software development on a global scale. Once the GDPR goes into effect, EU-based companies won't be able to transfer data internationally unless there are sufficient security protections. This applies on a business to business level, rather than a national one, any business that participates in transactions with EU-based companies, or companies based outside the EU that handle data from those countries, so each business needs to develop or adopt software that meets the new terms.

A Collaborative Approach

Ultimately, businesses need to take a collaborative approach to data management, because, with the death of legacy systems, most work with external providers on data management. Internal collaboration is also vital, as data strategy leadership is often divided, touching on marketing, data-specific teams, corporate boards, and legal and compliance departments. But no matter who's taking the lead, businesses agree that data strategy and management needs improvement.

GDPR may be a European regulation, but at the end of the day, it's going to transform how the world uses data. Business data is a global project and the last few years have proven just how vulnerable that data is. So say goodbye to legacy systems and hello to increasingly interconnected, yet protected systems. Unless businesses fall in line, they'll find themselves isolated in the global marketplace.

Document Actions
Weekly Diary

The Week Ahead no. 623
Waste framework directive - microplastic pollution - agriculture situation and Ukraine - Multilateral Investment Court

→ EUbusiness Week archive

Subscription options