Healthcare, medical research, clinical trials, finance, the military - In these regulated sectors, there is process. Always. Processes for everything. So, I imagine, the imminent arrival of the GDPR is no bigger a threat than any other regulatory change.

Now spare a thought for the rest of the world. Where document classification, audit, or process automation isn’t second nature. This is going to be a shock.

The new EU General Data Protection Regulation (GDPR) defines how companies manage the personal data of citizens living and working within the EU boundaries in specific ways. These new ways of managing data will require companies to put in place complex processes in order to comply with the law.

And this is where tooling comes in. No matter how well trained an organisation’s staff and leadership team are, and how well suppliers and contractors are managed, the weakest link in any compliance chain is the human element.

Plan out data handling and marketing processes collaboratively and thoughtfully by all means. But implement them manually at your own peril. Compliance is a process, compliance management is risk management. Failure to comply brings with it huge risks of fines and reputational loss.

Compliance marries guidelines with penalties to ensure the guidelines are taken seriously.And so as part of any risk management strategy, risk mitigation is a fundamental activity.

Back to the human element.

I wouldn’t bet my risk mitigation strategies purely on people following a written process accurately every time. Neither would I risk spending time documenting my GDPR data handling and enquiry policies only to leave the correct implementation of them to chance. Enter process automation.

I’m not talking Business Process Management (BPM) here. BPM, in some spheres, has had a really bad press. Hard to implement, projects are lengthy, expensive, unwieldy and the end result is often equally difficult and expensive to adapt to change.

No, I’m talking about a new breed of technology. WYSIWYG designers, drag and drop, click to configure, connect to anything, run wherever you need the process to run, structured data capture via responsive forms, auditable, mobile capable. And most importantly, quickly adaptable and clearly reportable.

These technologies take new development standards, make excellent use of cloud compute technologies and feed the market’s desire for tooling that is equally comfortable in the hands of power users, IT pros and developers alike.

Many organisations will be approaching compliance with the GDPR from a traditional IT standpoint. Guard the perimeter. Lock everything you can down. But history shows that as a strategy it will never work.

The weakest link, the highest risk link in your strategy is the person, malicious or otherwise. Time to mitigate with process automation.


By Simon Wright, CEO at Britecloud

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at

comments powered by Disqus