Breaking down compliance

As the clock ticks down to the 25 May General Data Protection Regulation (GDPR) deadline, pressure is mounting for organisations to have their house in order for the new EU legislation. While GDPR regulations will give individuals greater power over their data, companies are feeling the weight of responsibility that comes with their increased data protection obligations.

Whether or not businesses are prepared for GDPR this close to the deadline is an EU wide concern, but the scope of solutions that have come online to meet this new regulation has thrown up some great new products. One of which is Spearline Data Protection, a software solution developed by software experts Spearline via their new division Spearline Risk and Compliance. This Data Protection solution has been designed specifically to support GDPR compliance with a raft of in-house software and legal expertise, the intention being to give businesses a clear pathway towards GDPR compliance. The priority was to ensure anyone could use it, regardless of expertise.

“Our key drivers were around user experience,”says Spearline’s Head of Innovation Grainne O’Keeffe “and converting this huge tranche of legislation into simple steps, streamlining the operational burden of becoming GDPR compliant for already time poor individuals. Spearline Data Protection is essentially an operational compliance programme. If you look at the modules we have, they can directly be tied back to specific regulations. Where you’re obliged to identify the supervisory authority and which one is applicable to your entity, where you need to make a decision on whether a Data Protection Officer is needed, whether you are a Data Controller or Processor for a given process and so on. We have embedded pro tips throughout the system to aid the user. Accountability, Transparency and mitigating risk are integral to the system, in parallel to the legislation .”

O’Keeffe is well equipped to provide expertise after spending 20 years in the financial sector holding senior operational roles in Goldman Sachs and JP Morgan in New York, London and Tokyo. Her legal background together with an army of legal and software experts developed Spearline Data Protection. She says “Organisations using the software will range across the board from data protection officers, to compliance officers, to a business privacy stewards, project managers to technology management so we considered all their needs and requirements as we crafted this software solution.”

One key feature of the software is that each module can be purchased separately. The modules cater to data mapping, policies and procedures, data subject access requests, data protection impact assessments, incident escalation, breach reporting, risk, vendor and consent management. The ease of using this software is enhanced by the clean aesthetic of the interface graphics worked up by an inhouse design team led by Julianne Whooley.

In 2017, 52% of the complaints lodged with the Data Protection Commissioner’s office pertained to Access Rights. “If you’re only interested in a tool that helps you manage Data Subject Access Requests, you can use it without having to buy into the other modules,” says Spearline Risk and Compliance Head of Development, Satish Barot.

Barot moved from India to join Spearline four years ago and has made West Cork home for his family. He began as a Senior Telecommunications Engineer and subsequently became Head of IVR Development before his appointment to the Spearline Risk & Compliance management team, overseeing the software development department. With over 14 years of domain experience in the fields of project management, database design and VoIP (Voice over IP), Satish has a wealth of experience ranging from Lecturing in Engineering at

L.C. Institute of Technology, Gujarat to working with IT, software development and telecommunications companies all over the world.

Understandably data security is paramount when developing software relevant to GDPR, this is not lost on Barot. “It helps that Spearline has prioritised security on its software applications since it was first started up back in 2003,” he says. “GDPR is all about data protection, which as a software company we ourselves implement, therefore we already have significant measures in place to secure our systems and applications. The prerequisite attention we paid to data security has helped enormously in developing Spearline Data Protection. We implemented our own security measures along with industry standard security tools, to make our application more secure, robust, and more scalable.”

Striking the right balance with launching Spearline Data Protection was a big consideration for Spearline, especially the timing of when the product should go-live. “The danger with being first to market ahead of regulatory clarification was that the product developed would no longer be fit for purpose,” says O’Keeffe. “Releasing an offering too soon could have been premature requiring substantial modification. Waiting for clarification was a key decision on our part.”

From there the objective was to run the product through key clients, potential clients and data protection solicitors to get their thoughts and feedback, something critical to O’Keeffe to finesse the offering and ensuring it met the key requirements of the GDPR legislation.

“We believe people are more compliant than they think they are, they just haven’t documented it or quantified it yet. When they sit down and start looking at their policies and procedures, what the output of their data mapping exercise is, what role they play and what risks they have identified they will get great comfort from that. The Spearline offering helps them with this compliance journey and allows them see the wood for the trees”

GDPR is not just a May 25th problem, it’s not about being compliant for one day, it’s about getting compliant and staying compliant. Spearline believes their solution will enable that. O’Keeffe thinks GDPR will be transformative, not only in the world of data protection practitioners, but in the the care, respect and due diligence which will be given to fundamental data rights at every level. She says “In the current climate the level of trust beholden to your organisation is a prize worth winning.”

To get a demo of this comprehensive product visitwww.spearline.com