Cristian Badea (co-founder @Sypher Solutions): On why organisations are not yet fully GDPR compliant
The GDPR is the most important change in data privacy regulation in 20 years. In the last year, the GDPR fines amounted to $405 million. Big corporations like Google, Marriott and British Airways were found in breach of the GDPR.
Sypher Solutions helps organizations and companies become and stay GDPR compliant. Its solution is called Sypher Suite and it is a GDPR compliance platform. The platform is currently used by more than 60 organizations in various areas: financial, insurance, software and technology, retail and eCommerce.
Cristian Badea is one of the co-founders at Sypher Solutions. He has extensive experience in personal data privacy and security, software and SaaS development. I reached out to him to answer a few questions on the GDPR-associated challenges that organizations face when working to become GDPR compliant.
1. Sypher helps companies avoid becoming the next GDPR case study. How does your platform do that?
GDPR compliance programs can be incredibly complex, especially for large organizations. There are industries like financial services, insurance, telecom or retail, where companies are more publicly exposed. They also collect huge amounts of data which makes them more prone to both mistakes and public scrutiny.
When dealing with so many pieces of information spread across multiple tasks, mistakes are easy to make.
Sypher Suite is designed to simplify compliance work and help teams analyze, document and maintain GDPR compliance. It uses custom logic and specific flows to break the project into small, more manageable tasks, and make sure that everything that needs to be done is on the radar.
Our platform actively supports the compliance team to identify the areas that require their attention. It provides a framework allowing the Data Protection Officer (DPO) and compliance team to collaborate and exchange information with the rest of the business and external advisors. It also acts as a central repository for all information related to GDPR compliance.
2. Why aren’t businesses implementing GDPR? What is the most common reason?
We speak with a lot of businesses and most of them are aware of GDPR and trying to become compliant. According to a recent study by IAPP, most organizations reported that GDPR implementation took longer than expected (54% of respondents) and it is equally or more difficult to implement than other data privacy and security requirements (80% of respondents). Most organizations (72%) have a budget and the budget is renewed annually (35%) or continues indefinitely (24%).
Since budget is not a problem and awareness is there, we believe that a common reason for not being fully GDPR compliant in 2019 is the fact that organizations often lack the know-how and resources to manage the standard requirements properly, and fail to involve enough people in the process (GDPR is required for all organization teams and is not meant to be dealt with by the DPO team alone).
To help them, we have developed specific tools that allow the compliance/DPO team to enlist support from the rest of the business. Our guidance and validation systems make it easy for anyone to contribute to the project, without the need for complex or lengthy training.
3. What challenges did you face while building your business?
We launched Sypher Suite to help companies become GDPR compliant quickly, easily and with minimal fuss. We believe that the GDPR compliance process should and must be simplified and organized.
Our story began in 2016, the year when the European Union published the new regulations regarding the protection of personal data.
The main challenge was to understand the needs, problems and hassles of the persons in charge of GDPR compliance, namely the DPO, and to identify a better way to solve them. This challenge is applicable today as well; we strive to understand how GDPR requirements can be simplified so humans can stay on top of them and control them.
Sypher Suite was created after multiple discussions and meetings with potential clients across several industries, consultants and law firms, to understand how we can help conformity teams implement the new privacy policies.
4. Share your advice for aspiring or new startup founders.
It’s difficult to share general advice, as every startup is different at so many levels: goals, general environment, potential clients’ needs, the technology used and so on.
What we think is worth sharing though is this: do market segmentation, identify your best niche and address a clear potential customer, with real pain and struggles. Addressing the whole market and each company may not yield the best results.
Also, transform your product’s features and capabilities into solid benefits for your potential clients.