Cristian Badea (co-founder @Sypher Solutions): On why organisations are not yet fully GDPR compliant

The GDPR is the most important change in data privacy regulation in 20 years. In the last year, the GDPR fines amounted to $405 million. Big corporations like Google, Marriott and British Airways were found in breach of the GDPR.

Sypher Solutions helps organizations and companies become and stay GDPR compliant. Its solution is called Sypher Suite and it is a GDPR compliance platform. The platform is currently used by more than 60 organizations in various areas: financial, insurance, software and technology, retail and eCommerce.

Learn more: Simplify your GDPR compliance with Sypher Suite

Cristian Badea is one of the co-founders at Sypher Solutions. He has extensive experience of personal data privacy and security, software and SaaS development. I reached out to him to answer a few questions on the GDPR associated challenges that organizations face when working to become GDPR compliant.

Co-founder @Sypher Cristian Badea

1. Sypher helps companies avoid becoming the next GDPR case study. How does your platform do that?

GDPR compliance programs can be incredibly complex, especially for large organizations. There are industries like financial services, insurance, telecom or retail, where companies are more publicly exposed. They also collect huge amounts of data which makes them more prone to both mistakes and public scrutiny.

When dealing with so many pieces of information spread across multiple tasks, mistakes are easy to make.

Sypher Suite is designed to simplify compliance work and help teams analyze, document and maintain GDPR compliance. It uses custom logic and specific flows to break the project into small, more manageable tasks, and make sure that everything that needs to be done is on the radar.

Our platform actively supports the compliance team to identify the areas that require their attention. It provides a framework allowing the Data Protection Officer (DPO) and compliance team to collaborate and exchange information with the rest of the business and external advisors. It also acts as a central repository for every information related to GDPR compliance.

Sypher co-founders, Mihai Ghita and Cristian Badea

2. Why aren’t businesses implementing GDPR? What is the most common reason?

We speak with a lot of businesses and most of them are aware of GDPR and trying to become compliant. According to a recent study by IAPP, most organizations reported that GDPR implementation took longer than expected (54% of respondents) and it is equally or more difficult to implement than other data privacy and security requirements (80% of respondents). Most organizations (72%) have a budget and the budget is renewed annually (35%) or continue indefinitely (24%).

Since budget is not a problem and awareness is there, we believe that a common reason for not being fully GDPR compliant in 2019 is the fact that organizations often lack the know-how and resources to manage the standard requirements properly, and fail to involve enough people in the process (GDPR is required for all organization teams and is not meant to be dealt with just with the DPO team).

To help them, we have developed specific tools that allow the compliance/DPO team to enlist support from the rest of the business. Our guidance and validation systems make it easy for anyone to contribute to the project, without the need for complex or lengthy training.

3. What challenges did you face while building your business?

We launched Sypher Suite to help companies become GDPR compliant quickly, easily and with minimal fuss. We believe that the GDPR compliance process should and must be simplified and organized.

Our story began in 2016, the year when the European Union published the new regulations regarding the protection of personal data.

The main challenge was to understand the needs, problems and hassles of persons in charge of GDPR compliance, namely DPO and to identify a better way to solve them. This challenge is applicable today as well, we strive to understand how GPDR requirements can be simplified so humans can stay on top of it and control it.

Sypher Suite was created after multiple discussions and meetings with potential clients across several industries, consultants and law firms, to understand how we can help conformity teams implement the new privacy policies.

4. Share your advice for aspiring or new startup founders.

It’s difficult to share general advice, as every startup is different at so many levels: goals, general environment, potential clients’ needs, the technology used and so on.

What we think it’s worth sharing though is this: do market segmentation, identify your best niche and address to a clear potential customer, with real pain and struggles. Addressing the whole market and each company may not yield the best results.

Also, transform your product’s features and capabilities into solid benefits for your potential clients.

Join the Conversation

We’d love to hear what you have to say.

Get in touch with us on Facebook Group and Twitter.

BRAND MINDS Newsletter

CHECK ALL

TERMS AND CONDITIONS

You agree to our terms and conditions.

JOIN THE COMMUNITY

OK, I agree to receive the BRAND MINDS newsletter with information from industry leaders and business experts. The content is related to ultimate technologies, marketing trends and updates about BRAND MINDS events.

HAVE THE BEST EXPERIENCES

OK, I agree to receive the latest info and offers for BRAND MINDS events when I am surfing on other websites as well. For this, I agree to allow cookies and other online digital marketing tools to personalize site content, social media features and to analyze the traffic by sharing my navigation status with BRAND MINDS SRL advertising and social media partners such as, but not limited to, Meta, LinkedIn and Google.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
gdpr_status	6 months 2 days	This cookie is set by the provider Media.net. This cookie is used to check the status whether the user has accepted the cookie consent box. It also helps in not showing the cookie consent box upon re-entry to the website.
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
language		This cookie is used to store the language preference of the user.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_gat	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
sib_cuid	6 months	This cookie is set by the provider Purechat. This cookie is used to send data to purechat.com. It helps to connect visitors to the reservation team and to track visitors to stay on portal.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_73609929_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
CONSENT	16 years 5 months 13 days 4 hours 1 minute	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
UID	2 years	No description available.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
uuid	6 months	To optimize ad relevance by collecting visitor data from multiple websites such as what pages have been loaded.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.