How to solve GDPR practical issues with RPA?

Robotic Process Automation (RPA) is often the most effective way to implement the GDPR, the EU’s new data protection regulation. For example, in the future, the customer has the right to check what information has been stored about him and to which system, the right to transfer the data or to “be forgotten”, and the right to be informed within 72 hours of a data breach.

GDPR touches virtually every organization that processes personal information such as names, phone numbers, bank account numbers, personal identity numbers or postal addresses. Many organizations may even be facing problems that sounds almost invincible, because personal data has been stored in dozens or hundreds of systems without thoroughly considering the consequences. What if a customer or employee should request a report, should want to move her data or become “forgotten”? How would such a report be created or how would such a measure be implemented in a reasonable time and work load frame? Well, manually certainly it just is not feasible at all. IT development could be an option, but it comes at a high cost. Fortunately, the software robot has been invented. It is a digital worker who loves such routines and thrives in the midst of many IT systems. For the robot it is not a problem to create the same report about the same thing again and again, thousands of times each day. And it does not forget to check the fiftieth target system even if the phone rings at the critical time.

One possible disaster scenario is where a hacker manages to access data containing thousands of customers’ private information. How would everyone be personally informed about the data breach within 72 hours? Impossible manually.. But the software robot can easily be taught to do this. If the damage occurs one day (which of course we do not wish to happen), it is easy to put one or ten software robots to perform the job to ensure that the procedure is handled within the given 72h time window.

If your company does not yet fulfill all the GDPR requirements we are happy to help you. We still have some time before the enforcement of the regulation. However, the time for waiting is over. When we wrote this, on November 20, 2017, the time until enforcement was 185 days and counting. When you read this, it is probably already a few days less.

If you got interested, please contact us!

Tiina Leivo, Head of Healthcare

Jari Annala, Digital (R)evolutionist