The ability to completely erase customer data across all systems is just one of many GDPR compliance considerations.
ay 25, 2018 is the enforcement date for the European Union’s (EU) General Data Protection Regulation (GDPR) legislation. Given that penalties could be 10-20 million euros or 2-4% of global revenue (whichever is higher), any company that sells to, or otherwise processes the personal data of EU citizens, needs to ensure compliance.
Fortunately, IBM OMS is structured in a way that provides many compliance options. Depending on how your organization’s Data Protection Officer decides to comply with GDPR (and any other data protection obligations), you may want to consider the following:
Hosting & Deployment
- Move your IBM OMS instance to a hosting provider that is GDPR compliant and allows you to choose whether your data is stored in the EU
- Host the IBM OMS database shard containing EU customer data at a GDPR compliant hosting company or a host located solely within a GDPR recognized country
- US based companies may choose to self-certify for the Privacy Shield Framework and self-host IBM OMS
- Use a User Authentication tool that enforces strong security protocols, such as Active Directory
- Ensure that any updates to your customer master are propagated to IBM OMS quickly and correctly
- Ensure that any customer data updates (including deletion) are pushed to other applications (e.g, eCommerce, email marketing, etc.) and third party vendors (drop shippers, 3PLs, etc.)
3rd Party Vendors
- Develop a notification trigger that automatically sends customer data updates or deletions to 3rd parties with whom you’ve shared your customer data
- Review all contracts with 3PLs and drop shippers to ensure they update or delete your customer data as necessary
- Develop a way to track whether a person is an EU citizen and display this information to Call Center representatives
- Develop a mechanism for a System Administrator or Call Center representative to easily erase all personal and transactional data so you can comply with requests within one month
- Develop a mechanism to easily export individual customer data (including transaction data) into a structured, commonly used, and machine readable form, such as CSV, either for self-service download from a web site, or generation and email by a call center representative (for data portability compliance)
Time is short. With the deadline less than year away, and the risk of penalties is high, you need to act now so you’ll have enough time to:
- Prepare your systems
- Update vendor contracts
- Develop new business processes
- Train your employees
With deep expertise in IBM OMS, global deployment management, and complex system integrations, Bridge solutions Group is uniquely positioned to assist you.
Contact Us to learn more.