How IPI Solutions Team Up To Achieve GDPR Compliance

June 22, 2018
Posted in IPI BLOG
June 22, 2018 Adio Ayotoro

IPI Solutions Helped Templars, ACAS-Law And NIRSAL Achieve GDPR Compliance In Due Time.

Forming part of the effects of digitization and the data driven era which we live in today is the consistently growing levels of digital data being stored by organizations globally. The advent of the internet and advances made in technology today has invariably altered the ways within which personal data are both being collected and processed. Thus leading to continual growing concerns regarding privacy and level of data security.

Justifying this fears and concerns has been the rise in cases of data/information breaches experienced even most recently. Thus, Fueling the general consensus being maintain by a larger part of the society as regarding the implementation of the General Data Protection Regulation being timely.       

General Data Protection Regulation as reviewed and enforced on the 25th of May 2018 is the regulation requiring businesses to protect the personal data and privacy of citizens of the European Union (EU) and the European Economic Area (EEA) in general. The regulation supersedes both the outdated Data Protection Directives of 1995 and stands as the official implementation of the General Data Protection Regulation adopted on the 27th of April, 2016.

Essentially, the reformed regulation constitutes significant changes impacting on businesses globally due to its revised regulatory scope extending beyond the regulatory boundaries/jurisdiction It previously covered. As it stands today, every organization whose business activities in any way involves processing data of EU citizens irrespective of their location also fall under the regulatory radar of the GDPR and would be held liable for any breach in compliance.

According to the reformed regulation, organizations are required to initiate and implement processes and strategies that would ensure privacy and data/information are adequately secured and protected the best way possible. Failure to attain the required standard which happens to be really high, by either data processors or controllers by default would attract a non-compliance fine up to the tune of 4% of Global turnover or E20million (Whichever is greater), all with effect from the date of the regulation being implemented. 

Fundamentally, the regulation seems to promote pseudonymization and anonymization as storage mediums to not only ensure data privacy and security but to also mitigate against possibilities of data being made public without clear consent.  

In light of these new developments, indigenous firms such as Templars, ACAS-LAW and Nigeria Incentive-Based Risk Sharing System for Agricultural Lending (NIRSAL) most recently were taken unaware with the complex challenges and requirements that had to be met to attain the new GDPR certification. Being an organization that maintained EU citizens as part of their clients. 

In addressing this concern, the three firms in question by solely utilizing the technical aids (cloud solutions, consultations and support) both initiated and implemented by IPI Solutions Nigeria Ltd (A 1-Tier Microsoft Cloud Solution Provider) were able to attain the required standard for compliance just in time.  

Being aware of the lengthy and complex requirements, IPI Solutions was able to structure precise strategies and implement inbuilt measures that would by default cut across all spectrums required to ensure that strong privacy rights and data are protected and breaches also reported.

Precisely Forming part of the measures and strategies aforementioned were:

·         Improved data policies and processes to support data subject rights and ensure lawful processing.

·         Tighter controls to manage and protect personal data.

·         Better governance tools for better transparency, record keeping and reporting.

By utilizing one of our cloud solution offerings (Microsoft 365 Business), we were able to simplify the whole process significantly for the three firms. The cloud solution in question comes along with a tool called Compliance Manager which helps to centralize the whole compliance management process and also proffers real time assessment on Microsoft cloud products.

With the compliance process being a two-way trail between both parties (Microsoft and IT Administrator) sharing respective responsibilities, the compliance manager helps indicate how Microsoft meets its responsibilities and also what is required to be done by the second party (IT Administrator) to attain the required compliance standard. Furthermore, the tool also enables the ability to modify the dashboard to reflect only regulations applicable to the organization respectively.  

With this feature, the three firms were availed with the opportunity to be in the loop at all times regarding the necessary actions that should be taken to ensure compliance sustainability and even goes further to proffer suitable avenues upon which pre audits can be prepared for external audits. 

As regarding data security and privacy more specifically, specific tools aiding identity and access management were initiated to enable the protection of information both at the identity level and document level. Also inclusive were technologies that help identify treats and ensure for an apt recovery if there be any case of attack. 

By strategically employing all these measures, we were able to assist the firms in overcoming the complex challenge of attaining GDPR standards. In the process, saving them strategic partnerships, possible breaches and funds that would have been either suffered or lost as a result of being non-complaint.

As we speak today, Templars, ACAS-Law and The Nigeria Incentive-Based Risk Sharing System for Agricultural Lending are all fully GDPR complaint. 


, , ,