Complying with worldwide privacy laws.

Globe DMI Awards HIGH RES scaled

In this Q&A with EM360, our CEO Philip Dutton sat down to discuss what makes Solidatus different to other data privacy solutions on the market, how we’re helping organisations reduce costs, and what organisations can do to stay ahead of the curve when it comes to data privacy. Read the full Q&A below.

Data privacy is a global requirement. From GDPR (EU) to CCPA (California) and PDPA (Singapore), there are now more privacy laws than ever before, with many still yet to be discussed and enforced. Although a necessary movement, multinational companies are, consequently, struggling to keep up with compliance, with the sheer volume of regulations becoming increasingly daunting. On top of this, business leaders must also stay in the know about emerging technologies, as new advances in areas/fields such as Artificial Intelligence have already been flagged as a threat to privacy. So, what can organisations do to ensure they are on top of data privacy and its associated critical challenges? 

In this week’s Q&A, we sat down with Philip Dutton, Co-CEO and Co-Founder of Solidatus, to find out how their compliance tool is helping the enterprise to tackle data privacy. Solidatus is an innovative data management technology company, empowering organizations to unlock the true business value behind their data. Born out of the recognition of a consistent pattern of data management problems, the company works to digitally transform organisations, empowering them to be data-centric and lineage-enabled, and simplifying their adherence to privacy laws. 

What is Solidatus’ ‘regulatory lineage’ solution and how does it compare to other compliance tools on the market in terms of its key features and/or USP(s)?

Solidatus helps organisations simplify their adherence to privacy laws by empowering clients to map the flow of relevant data through their organisation, visualising the mapping against their people, processes and regulatory needs. This demonstrates the impact of data privacy regulations in context and allows for insights that are only possible when all the information is available. This complete transparency is critical to ensuring that data required for regulatory compliance is identified, accurate and complete – and is being used appropriately per data privacy requirements.

Solidatus is the only product that can be used to cover all global regulations. It is rapid, agile, scalable and can show common regulations, indicating the delta where there are differing regulations for each region/country. Collectively, this massively reduces the cost of regulatory compliance for multijurisdictional organisations. 

Research reveals that by 2022, companies worldwide are likely to spend over £5 billion on compliance tooling. In what ways does Solidatus’ approach to data privacy address regulatory spending and the financial challenges that come with it? 

Companies now invest vast sums of money to prove they are in compliance, and organisations with multi-jurisdictional exposure need to meet a profusion of regulations simultaneously. Those that lack complete understanding of their data landscape are forced to re-spend and thereby waste regulatory budgets.

Solidatus delivers a high degree of efficiency, reusability and scalability as the world’s regulatory and data privacy requirements change and expand. Once data items and their metadata are identified, catalogued and modelled, they can be easily mapped to multiple compliance requirements.

Essentially, Solidatus creates one scalable compliance framework that helps organisations proactively address multiple regulations. This reduces the high cost of managing multiple compliance solutions, and reduces the risk and costs of non-compliance.

Solidatus prides itself on being proactive, rather than reactive, when it comes to compliance. How is this achieved and why is it so important to the company?

Solidatus has a strong track record of delivering the tools needed to rapidly build the major compliance data models. This means that businesses can implement the model and map their data to the reporting requirements well before their first deadline. Our clients’ reputation and reporting success is paramount to our success as a business.

Over 128 countries have data privacy laws, resulting in companies with multi-jurisdictional exposure being overwhelmed. Is Solidatus’ compliance tool the key to tackling this issue?

Yes! Solidatus is made to simplify data complexity and workflow – in this case, overlapping yet differing data privacy requirements. Getting compliance right also means breaking down legacy organisational silos, ensuring there is transparency across systems, people and processes. This is key to capturing all the necessary data required, understanding how data flows, and tracking and reporting exactly how it is used. Our lineage technology maps the data to each privacy law requirement, and is the only product to cover all global data protection regulations.  

Can you give us a case study example that exemplifies how Solidatus is helping organisations to unlock the true value of data privacy and simplify their adherence to privacy laws? 

We helped a global investment bank automate compliant, cross-border data sharing. With over 40 million customers, and operating in 64 countries and territories, they had struggled to share data efficiently across the organization due to regulatory complexity and burdensome manual processes. In under six months of using Solidatus, the bank automated data sharing workflows enabling real-time, auditable and compliant data access for all users. By enabling rapid time to data access and reducing the management overhead, it is estimated that the bank has saved $70 Million to date through utilising our product.

Working with Solidatus, the bank unlocked greater business value from data that had been tied up in complex processes. With streamlined and automated data sharing processes, the bank’s data users are saving time, lowering costs and reducing compliance risk, all while delivering results faster and more accurately.

In a recent article titled ‘In a changing world, it pays to be prepared’, you write that ‘privacy requires agility’. Where do you see the future of data privacy following the emergence of the pandemic and how can organisations stay ahead of the curve?

There are more data privacy laws expected to be passed, and the existing ones will see increased enforcement and fines; the global data privacy regime will only grow in complexity, putting greater risk on organisations around the world – this is why agility and scalability are so crucial. Companies that had a data privacy solution already in place before the pandemic were more prepared to handle the new challenges of managing sensitive data while their working behaviours changed.

Going forward, data privacy solutions will need to continue to be highly scalable. Companies will be subject to a growing set of laws during a period where many business models evolve post-pandemic, complicating matters further. Businesses need a holistic approach to manage their data to meet multiple data privacy laws, while minimising the costs and the risk of deep fines. With Solidatus, compliance expenditure isn’t narrowly constrained and can, instead, be transformative – an opportunity to elevate and transform a business’ data capabilities.

Get a free trial

Get a free trial and see how you can bring simplification to your challenges around metadata management, data governance, and demonstrating regulatory compliance.

Cityscape IBOR HIGH RES scaled

“Vietnam is poised to pass a new decree that will bring the nation into line with its peers across APAC and internationally when it comes to personal data protection – and it’s providing a new impetus for businesses to look again at enhancing their data management.”

As Vietnam prepares to move into the next phase of its Data Privacy legislation, Solidatus Head of APAC John Berven sat down with Asean Tech&Sec to discuss the upcoming implementation of PDPA (Personal Data Protection Act) and how ready businesses really are when it comes to their own data and compliance requirements.

Reflecting on a number of high-profile data security breaches in the recent years, John comments: “Large-scale breaches of personal data continued in 2020, with a devastating data leak affecting more than 80,000 customers, and possibly staff, at Vietnamese health technology firm, Innovative Solution for Healthcare (iSofH) (see report). It is also believed that an additional cyberattack removed an unknown number of records.”

But with the new PDPA, these breaches should hopefully be a thing of the past. But how can businesses prepare to ensure they are compliant with the decree’s storage and processing of personal data? And, more importantly, how can a tool like Solidatus enable organisations to map the flow of its data, allowing for full transparency on how it can be used?

Read John’s insights on this new stage of data protection and privacy in Vietnam to find out more:

Vietnam is about to enter a new data protection era – are businesses ready?

Solidatus for PDPA in APAC

By using Solidatus, an organisation gains invaluable insight into its data landscape. Our product enables users to visualise and analyse lineage showing what type of data they have and how it moves through their systems. It is impossible for senior management to be completely confident that the organisation is not inadvertently contravening some aspect of PDPA without this, leaving them open to enforcement and reputational risks.  

Solidatus plays a vital role in PDPA by:  

  • mapping the flow of data within an organisation 
  • allowing for full transparency on how it is used and by whom 
  • laying the groundwork should regulators ever ask a business to prove their compliance 

Solidatus helps to build a digital dashboard which shows managers how personal data is being used and where it is stored. This provides a demonstrable compliance with cloud storage regulations, the Right to Access and Correction, in addition to both Do Not Call (DNC) and National Registration Identification Card (NRIC) legislation by understanding the flow and location of data. 

Organisations need a tool to help them identify required consent and ensure that the use of personal data within their firm is, purposeful, appropriate and reasonable. Solidatus provides these essential elements to comply with PDPA. 

Get a free trial

Get a free trial and see how you can bring simplification to your challenges around metadata management, data governance, and demonstrating regulatory compliance.

Sound waves HIGH RES scaled

The only way that complex multi-nationals can ensure their compliance is by keeping up with these continual updates to data privacy rules. In order to prepare for any legislative checks on their compliance, firms need to ensure a flexible and innovative approach to operational data management which can be called on to give a comprehensive picture at any time.”

Solidatus Head of APAC John Berven writes for Regulation Asia, taking a look at the upcoming implementation of PDPA in Vietnam and how organisations need to take a data-first approach to international regulation in order to be prepared.

Businesses that have already implemented measures in preparation for other data privacy regulations such as GDPR and LGPD, will have the advantage of having either met – or in some cases exceeded – the new guidelines in Vietnam.

But achieving this compliance is no small feat, and firms need to ensure their approach to data management is holistic, transparent and flexible. Digital transformation is key in giving a comprehensive view of data privacy.

To find out more, read John’s insights for Regulation Asia “Vietnam’s Data Privacy Decree: the Tip of the Global Compliance Iceberg”:

Vietnam’s Data Privacy Decree: the Tip of the Global Compliance Iceberg

Data Privacy HIGH RES scaled

A connected world comes with consequences

The creation and retention of data has increased exponentially in recent years. Our expanding digital landscapes have led to the introduction of privacy legislation to keep our data secure.

Much of our data is stored in vast ‘lakes’ for analytical purposes. Organisations have taken advantage of the quantities being collected by putting this data to work in order to learn more about their customers and their habits. This pooling of data is complex and has brought them into conflict with different regulatory regimes and jurisdictions.

GDPR compelled organisations to take the privacy rights of their customers seriously and now has counterparts all over the world such as the CCPA, LGPD, PDPA and NYPA. It also forced businesses to stop using archaic tools to make sense of their fragmented data landscape.

data privacy

A global wake-up call

The Covid-19 pandemic was a rude awakening for businesses the world over, with many hastily using outdated and unreliable tools such as Excel to ensure they remained compliant – resulting in important data slipping through the cracks due to lack of clear visibility over all facets of their data lifecycle. Organisations are at higher risk of security breaches with sensitive data existing outside the four walls of their offices.

This has been a hard lesson for many businesses that didn’t already have a trusted and effective data privacy solution in place, enabling a smooth and relatively seamless transition from office working to remote working. But for companies that had taken GDPR for the opportunity it was – a chance to get ahead of the competition by utilising vital and underused data – the pandemic hasn’t been as devastating for them as it has for others. They had already been achieving more than just compliance for two years by the time Covid hit, and they are the ones that have been able to adapt and evolve as a result.

Data privacy worldwide

Privacy requires agility

Applying static laws to rapidly moving economic, social and technical landscapes is difficult. Proving regulatory compliance can be extremely time-consuming, repetitive and labour-intensive when done manually.

The initial cost of this development may be leveraged if the organisation acts proactively to use this regulatory burden as an impetus for improving business functions, as well as meeting its obligations. Solidatus is the only product that can be used to cover all global data protection regulations. It is agile and scalable and can show common regulations, indicating the delta where there are differing regulations for each region/country. Collectively, this reduces the cost of regulatory compliance for multi-jurisdictional organisations.

As data privacy legislation continues to grow, it is imperative that holistic solutions are put in place to protect sensitive data and the businesses that hold it. Organisations that fail to implement adequate data strategies will suffer financial penalties that may render the business unprofitable or even unviable. For companies that remain ahead of the curve, they will find the carrot is much longer than the stick.

Global Data Privacy Model 1

Get a free trial

Get a free trial and see how you can bring simplification to your challenges around metadata management, data governance, and demonstrating regulatory compliance.