Mitigating the impact of GDPR with RPA
May 25th... The day that the new GDPR legislation comes into place. Should we be afraid of the possible impacts on our organizations? Should we worry about the data that we store from our business partners? Are we prepared and did we take sufficient countermeasures to comply with this amended privacy regulation?
Nobody knows for sure what to expect… but one thing is certain: RPA is able to effortlessly help organizations mitigating the impact of GDRP.
The GDPR legislation does not only introduces new guidelines about the way of storing of personal information, it also gives individuals the right to be informed about the storage and usage of their personal data withing an organization.
One month ago, RoboRana was asked to build a case with RPA about the ‘Right to be Informed’ regulation that handles the end-to-end process from request to delivery of the user information. Our customer expects an increase in stakeholder requests to provide all the insights about their personal data that is currently being stored within the organization. In the manual process, an employee repetitively navigates through all of the company applications and gathers all the relevant information. All the stored data is manually being captured in a Word template where an appropriate explanation is added for the requester. As the data is being stored in multiple applications and screens (up to 20 different applications), this manual process turns out to be very cumbersome, repetitive and it takes several hours to complete a single request.
Why Robots can help?
With the help of Robotic Process Automation or RPA technology, we have created a virtual workforce that is able to handle the complete process in an automated manner. An external stakeholder starts the process by filling in an online form that submits a request to provide the personal information stored by the organization. The request is picked up by the RPA bot and immediately starts processing it. While the bot automatically navigates through the different systems, it takes screenshots of the available data. In total, more than 20 different systems are checked to gather all the stored details. The process is ended by an encrypted PDF that is e-mailed back to the requester. To ensure safety of the sensitive data, a second authentication step was added that delivers the encryption password by SMS instead of e-mail.
The only manual step in this process is the necessary verification of the generated output file before it is being send to the requester. This validation step ensures the quality and compliance of the document and corrects any errors that might occur by the RPA bot.
Applying RPA did not only help our customer to comply with the GDPR regulation, but it also streamlined the time-consuming process, removed all the manual effort and mitigated the impact on the organization.
Job well done and another great user story of a robot working together with happy business users.