How can RPA address GDPR compliance needs?

Feb 13, 2018 Sandeep M Somashekar

The General Data Protection Regulation (GDPR) will come into effect on May 25th, 2018, and it replaces the existing 1995 EU Data Protection Directive. GDPR applies to all organizations gathering, processing and storing personal data of European Union citizens, regardless of where the organization is located. Data covered under GDPR includes any data that can be used to identify a person directly or indirectly. The regulation enforces steep fines for non-compliance of up to 4% of annual global turnover or 20 million euros, whichever is greater.

GDPR has strengthened rules for the ‘right to object’, ‘right to be informed’ and ‘right to withdraw the consent’ for individuals and has set additional rules around data breach notification and transfer of data outside the EU.

Robotic Process Automation

Robotic Process Automation (RPA) is the latest technology to automate rules-based tasks, and it can be implemented in a matter of a few weeks. It works through UI automation, imitating a human operator without changing the underlying application.

To address the strengthened rules around individual rights, organizations need to act on consent, rectification and erasure requests. Organizations are required to build or adapt existing line of business (LOB) applications to handle consent or erasure related requests. Personally identifiable information (PII) spans multiple applications, and the number of applications that store PII increases with the size of the market and the product portfolio of an organization. Upgrading all LOB applications is an expensive and time-consuming task, and this is where an alternative approach comes in.

An RPA bot can scan the consent, rectification and erasure requests from a database and propagate the changes into all the LOB applications, so that GDPR requirements are adhered to with only limited application upgrades. The short implementation cycles of RPA make it a quick, secure means of addressing the newer requirements put into effect by GDPR without incurring an extensive LOB application overhaul.

In the next blog, I will discuss a few more cases where RPA can be used to address GDPR guidelines.

Sandeep M Somashekar

Sandeep heads the Robotic Process Automation (RPA) practice at iNatrix. He has worked on a wide range of technologies such as embedded programming, OS internals, and the latest web technologies. In his personal time, he enjoys cycling and reading non-fiction.