The basic data protection regulation in the European Union is now in force for a good year. Due to its extraterritorial effect, it also applies to Swiss companies in many areas. In any case, it would be a good idea to follow this worldwide highest standard for the protection of personal data. According to current surveys, however, only a little more than half of the companies believe that they now fully comply with the regulations. In complex applications, searching for possible accesses to personal data is too time-consuming.
Although most commercial standard applications have functions for user and rights management that regulate not only the access rights of individuals, but also entire user groups and role profiles, there is no reason why they should not be used. But when web links come into play for partners, for example, these management systems quickly reach their limits.
The more business models in the digital economy are based on the procurement and processing of data, the more important sophisticated management tools become for the observance of privacy: who is allowed to view which data and by what means is this monitored! No wonder that 57 percent of the IT managers surveyed by Gartner in a study already consider “data governance and data security” to be the most important challenge in their everyday data life.
In addition, sophisticated rights management must also be able to block or release certain application functions for users or user groups. This is virtually impossible in a distributed and hybrid environment of onsite and cloud applications for standard systems. One more reason to doubt that the DSGVO has in fact already been implemented in all business processes of a company.
We at actesy are confronted with this challenge in practically every integration project we supervise.