We recently attended SURG in Stockholm, Sweden and part of the day was dedicated to covering the General Data Protection Regulation (GDPR) and its implications for the industry when it goes into effect. The GDPR was approved by the EU Parliament in April 2016, and following a 2 year post-adoption grace-period will start to be fully enforceable May 25th 2018, meaning organizations that are in non-compliance at that time will face heavy fines.

What is GDPR?
In short the goal with GDPR is that there is a common process of how to protect data in the EU. “The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” (www.eugdpr.org)

Who does it affect?
This is a EU legislation so it is easy to assume it only applies to organizations within the EU, however while primarily organizations within the EU are affected, it is important to note that one of the biggest changes this regulation brings is that it impacts organizations outside the EU as well. The GDPR will also apply to organizations that “located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.” (www.eugdpr.org)

For customers this means companies within the EU are obliged to provide information on what data is stored. If they want to know what data they have on them, the company will have to provide them with this information on request. If they do not, they will be fined heavily.

Other key changes to be aware of
With any OT Exstream/StreamServe implementation it deals with customer data, and with this new legislation in effect it is urgent that companies understand how to comply. The road ahead is unpaved, as no cases exist yet on what would happen for a company that doesn’t comply or what exactly is required of the companies. There are heavy fines and/or the company might see its’ solution shutdown completely.

There is a tiered approach to fines, and the maximum fine that can be imposed is up to 4% of annual global turnover or €20 Million (whichever is greater).

Right of access
As mentioned earlier, the GDPR outlines the right for a data subject to obtain whether or not there is any personal data concerning them being processed, and they can request a copy of such data free of charge. This is a major change and introduces a new level of transparency.

Right to be forgotten
Just as a data subject can request what is on file regarding their personal data, they also have the right to be forgotten – erased.

Data Breaches
Data breaches concerning personal data must be reported within 72hrs, and companies must notify their customers, the controllers, “without undue delay” of first becoming aware of the breach.

Consent must clearly be given, and practices that companies might have previously gotten away with will no longer be sufficient. “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.​“

Adhering to the GDPR regulation and ensuring compliance will be important for any organization doing business with personal data connected to the EU, but the good news is a lot of companies that have already spent time and effort to creating a better Customer Experience, probably have procedures in place that comply with many of the requirements already or is very close to.

You can read more about GDPR here and how it might impact your organization or you as an individual: https://www.eugdpr.org

We attended the SURG meeting in Stockholm Sweden a few of weeks ago, and wanted to share some thoughts and good information for those of you who were not there.

Roadmap and overview
The day was kicked off with Christian Askland, Director Product Management OpenText, sharing the platform overview and roadmap. There were not a lot of surprises on what’s to come compared with what has been shared previously, however notably we can see release EP4 is now more defined and now includes Job visualization and tracking, and more REST APIs.

Exstream will move more and more to the cloud and web services, and Control Center will be one of those. Customers will be offered the CCM as a cloud service. I.e. Paas, Platform as a Service. By entering in log-in information on a website, the whole environment (tenant) was created in the cloud. In the 16.4 version you will be able to use job visualization and tracking in the Supervisor. This is something that was in the Process Manager in version 3.x and was dropped from the 4.x version until now.

   Image source: SURG

We’ve been exploring 16.3 since it was available earlier this month and there are some really nice features in the 16.3 version. One of them being able to use SparkPost to track emails. This will give you valuable information about whether the email has been read or not. A demo was shown on how to upgrade to version 16.3 by Mikael Friberg, and he recommended building projects using one Main project and then have several subprojects to make it easier to work with. Also worth noting that Scandux argument is reintroduced due to customer requests. In 16.3 you also have the possibility to use role-based Retouch where you can define what resources specific groups of users can access, and changes can be made to documents in seconds. PageOUT is obsolete and discontinued. Scalable Vector Graphics (SVG) objects can now be used in CAS and use of script on output connectors is supported.

In our last blog post we noted that it was yet to be clear what training for Exstream would look like, and that was clarified a little at this meeting. The latest training material is still only for 16.2, and OpenText will not have training material for 16.3 until spring of 2018. They are also completely changing the model for training, it is now Learning on Demand, where you can do the training on-line at your convenience with a yearly training subscription. You can find more information here: https://www.opentext.com/training/coursedetails.html?id=2392 The price for a yearly subscription is $5000 per year but only includes one certification attempt, additional certification can be done for a cost of $400. This makes training with OpenText a heavy investment, especially for someone who is just looking for a specific course/certification, but it can be beneficial for anyone who typically does a lot of training.

Other insights from SURG
Ericsson shared in their talk about how they’ve seen a significant decrease in the number of printed material, but an increase in electronic messaging and we will get more and more AI functionality in business. This is something we’re sure a lot of businesses are seeing, and will continue to do so. However, there will continue to be a demand in print as well, especially for business or organizations that are impacted by regulations in part to do so. Ericsson pointed out that even with print on a decline, one thing that will still be on demand when it comes to printing is label printing.

Part of the day was also dedicated to covering GDPR and its implications for the industry when it goes into effect. In short the goal with GDPR is that there is a common process of how to protect data in the EU. Companies within the EU are obliged to provide information on what data is stored. If you want to know what data they have on you they will have to provide you with this information on request. If they do not, they will be fined heavily. We’ll cover this topic more closely shortly as it’s an important consideration for our EU clients.

Overall, SURG was a great event and the new releases of features and applications we’ve seen so far with version 16, and the ones to come, will be great value adds for our clients.