Three Reasons GDPR Compliance for NFON Comes Naturally

02. May 2018

The EU’s decision to bring in a General Data Protection Regulation (GDPR) has been a bitter pill for many European organisations to swallow. Few were prepared for how it would differ from the country-by-country data protection ‘medicines’ it was designed to replace.

Like all medicines, there are serious consequences for your health if you don’t follow the prescribed GDPR treatment. There can also be disruptive side-effects when you start taking it.

Inspiring trust with customers and partners

Our story is different. Nothing indigestible has disturbed our equilibrium. Nothing artificial has caused us pain. For us, reaching GDPR compliance has been a 100 percent natural and organic experience. As the May 2018 deadline approaches, our customers and partners can be assured of our successful commitment to this important regulation.

Achieving GDPR compliance has taken more than six months’ hard work and smart project management, and we’ve sought expert external advice to validate our work.

The key to GDPR compliance is identifying and changing many of the processes that relate to how you store and process personal data. We are accustomed to working with personal data, which makes information governance a central pillar in both our technology and business culture. Our GDPR response has also been simplified by the fact that, unlike other types of organisation, we store only necessary volumes of personal data.

It has been a challenging process, and we have succeeded for three principal reasons:

1. We embrace stronger data governance.

The penalty for GDPR non-compliance is a fine of up to €20m, or 4 percent of annual global turnover – whichever is greater. Financial penalties are driving compliance in most organisations. However, our perspective on data protection differs. We do not view additional requirements as a burden, but as essential to improving people’s lives. By strengthening our obligations to customers, we safeguard our reputation for the future. We are not resistant to change!

The other motivation for embracing stronger data governance is that we love technical challenges! GDPR compliance has given us the opportunity to engineer existing processes (and create new ones) that enhance the value of our business and demonstrate genuine leadership in our marketplace.

2. We are German to our core!

Achieving GDPR compliance means we are standardising a common approach to data protection across all our European operations. This makes the GDPR compliance process more efficient for each of our European subsidiaries, as each is able to locally leverage the templates, processes and guidelines we produce centrally.

We are proud to be a German-founded and headquartered company. This is also a major selling point for our high-quality services and premium solutions that are ‘made in Germany’.

The most important aspect of being headquartered in Germany is the global reputation of our national data privacy laws, which are some of the most stringent in the world. Competitors simply do not have the same heritage and cultural understanding of the importance of data privacy and protection.

For example, take the 2018 CLOUD (Clarifying Lawful Overseas Use of Data) Act, a recently introduced piece of U.S. legislation that affects all companies with U.S. operations. The Act has the potential to violate the GDPR by attempting to circumvent the data privacy rights of EU citizens. If your organisation has any U.S. presence, or uses communications services from a U.S. service provider, then your organisation should look closely at the CLOUD Act to understand the potential implications for your business.

The good news is that the CLOUD Act has no bearing on NFON operations! We do not host data centres – nor any of our data – on servers in the U.S. or within U.S. territories. Moreover, we are neither a U.S. company nor a subsidiary of a U.S. company.

3. GDPR is another milestone on our journey.

In the final analysis, the biggest reason we have been able to absorb GDPR compliance better than many other companies is that it is a natural part of our evolution. Over many years, we have proactively built on our commitment to earlier data protection standards in Germany and across Europe through certifications from various independent bodies. With GDPR under our belts, our next focus is on the ISO-27001 and ISO-27002 information security standards, for which we aim to be ratified in the near future. This builds upon our GDPR competence and underlines our ongoing commitment to continuous improvement in data protection and information security practices.

People: the best GDPR investment you can make

Having prepared for GDPR compliance, there is one core best practice that we can teach others following in our footsteps. To get the most from your parallel work on technology processes and infrastructure, invest in the skills and understanding of your people so that they live GDPR. Our investment is an ongoing process that intensifies as we enter the final weeks before GDPR comes into force.

Crucially, we recognise that simple staff awareness is not the same as truly engaging your teams on the implementation of GDPR practices. To this point, we are running a series of compulsory readiness sessions that are tailor-made for specific roles and departments. Helping your teams skill up on GDPR compliance is central to strong leadership. We believe that we are demonstrating this internally, as well as across our customer and partner ecosystem, and to the market as a whole.