Research VP Julian Herbert will be a key speaker at ProcureCon Indirect Europe held on April 17-18 in Copenhagen. Julian will join other industry experts on an all-star panel. The discussion topic will be: How can you establish agility in a fast-moving, digital area whilst maintaining supplier relationships to ensure you can react quickly to emerging innovations?
Stop by and see us at booth 12 as well!
April 17-18, 2018
Radisson Blu Scandinavia Hotel
Julian Herbert, Research VP, Everest Group
Receive a 20% discount on your admission to the event by contacting Event Director Soraya Sanjoori and mentioning Everest Group.
Everest Group’s March 22 symposium, Thriving in a World of Perpetual Change, brings together industry expertise and rich resources to help you identify practical strategies to thrive in a time of global disruption. Join us as we explore ways leading enterprises are planning and organising to take advantage of disruption to improve outcomes.
About the event
Ongoing global disruption – in the form of economic uncertainty, political upheaval, legal/regulatory change, and technological development – is forcing the global services market to completely transform how service delivery is organised and executed. Keeping up with the latest developments is difficult enough, let alone understanding and planning for potential consequences.
What you will see, hear, and learn
- Findings from our first ever assessment of how leading organisations are achieving Pinnacle, or best-in-class, status in leveraging Robotic Process Automation (RPA) in their service delivery organisations
- Early findings from our RPA Technology PEAK Matrix™ 2018 research
- Predictions for how the global services market will evolve in 2018, including demand trends, impact of RPA and other technology trends, digitalisation, the service provider landscape, delivery locations, vendor management and pricing, GDPR, and more
- A panel discussion about what organisations should do to survive in a changing world
The programme will be followed by a networking session industry colleagues and Everest Group analysts over drinks and canapes.
Thursday, 22nd March, 2018
3:30 to 7:00 pm
Last year’s event exceeded capacity very quickly – register today to save your space!
For the longest time, US was the largest as well as the most dominant market for the $150-billion software services industry. While it still contributes to two-thirds of the sector’s revenues, over the past few quarters, it is countries in Europe – especially in Continental Europe – that are bringing the maximum growth, defying the concerns around Brexit. Under a lot of pressure, US – especially in the banking and financial services (BFSI) industry –growth rates have reduced to low, single digits for top IT companies.
Meanwhile, Europe – traditionally considered shy of outsourcing (except for UK) – is growing at a much faster pace. The percentage share of revenues contributed by the US has also been steadily coming down.
In the case of Infosys, the number is down from 61.5% to 60.6% during the same period, while for Wipro, it has fallen from 54.8% to 53.6%. Peter Bendor-Samuel, the CEO of market consultancy firm Everest Group, said the EU economy has lagged the US and is now accelerating.
With just seven months to go to the General Data Protection Regulation (GDPR) compliance deadline, many companies still have wholly inadequate data management capabilities. Strict requirements for personal data security, privacy, and the right to erase, among other things, will cause severe headaches for many CIOs not only in the EU but in all regions, as organizations will have to know which data is and is not subject to the regulation, and where in the world it is stored.
Download our special complimentary report: EU GDPR: Is There a Silver Lining to the Disruption?
No doubt many complex and conflicting scenarios will arise out of GDPR. For example, consider the following data-related issues:
- When a request to be forgotten comes in from a customer, how will the organization find all the occurrences of the same data across the vast enterprise IT estate?
- Will public and private cloud and other infrastructure providers be able to handle the requirements in a timely manner?
- What would be the knock-on effect of a customer asking for his/her data to be erased? What systems will be affected and how would that effect audit trails and other regulatory requirements, such as maintaining company-related data for audit purposes for several years?
These and a multitude of others will take many more years to understand, get guidance on, and resolve. In the meantime, companies must be compliant, or face fines that are the greater of €20 million or 4 percent of global annual turnover.
For those organizations that have not yet prepared for GDPR, the overheads of data management are increasing significantly. For example, they must figure out how to best obtain and maintain personal consent, handle access requests, process revocation of consent and requests to be forgotten, train personnel to know what they can and cannot do with data under GDPR, ensure outsourced services, cloud providers, other suppliers, e.g. in the supply chain, and partners are compliant, and run audits to check the readiness and effectiveness of the provider/supplier/partner ecosystem.
This is where, with its rules-based bots, Robotic Process Automation (RPA) could prove to be God’s gift to the laggards. Scenarios where RPA could be ideal include, but are not limited to:
- Running audits of data against consent and revocation databases for compliance
- Checking a queue of in-coming consent or revocation requests, and acting upon them, e.g., setting the right flags in systems or actively deleting data while maintaining an audit trail
- Producing audit reports
- Propagating changes of personal data and related consent across all the systems that hold that data, by cutting and pasting updates and maintaining consent-related databases
The role of AI
As organizations collect more and more GDPR-related data, Artificial Intelligence (AI) solutions could come into their own by helping with risk and impact analysis and reporting:
- How many systems will be affected by a GDPR consent and access related change?
- What is the knock-on effect on workloads and audits trails? How do these affect other regulatory requirements of data retention?
- How many systems will be affected, and what would be the impact on operations and other legal and regulatory requirements?
- What is the data security threat level of the day? What is the likelihood of data breaches on a daily/hourly basis, and what preventative measures could be taken?
- What security breach has happened and what actions have been taken? Who has been affected by it and must be notified?
Additionally, good governance is an imperative for GDPR. RPA and AI can be used to embed governance in daily operations for enforcing and monitoring purposes.
A new era of data protection is upon us. It is coming at a time when, some would say, that companies have taken far too many liberties with their customers’ data. The full implications for businesses are yet to be understood. But we believe that all organizations that hold or process personal data will experience some disruption in service delivery as a direct result of GDPR. For more on Everest Group’s point of view, please see our latest free publication: “EU GDPR: Is There a Silver Lining to the Disruption?“
The employed talent pool availability for SDA technology and project management teams is low across locations; competition for this talent is intense given both demand and the size of the experienced talent pool.
The high entropy data protection space has once again gained headlines after Equifax, the U.S- based consumer credit reporting agency, revealed that a July 2017 theft compromised more than 143 million American, British, and Canadian consumers’ personal data. The data breach incident, one of the worst cyber-attacks in history, was conducted by hackers who exploited a vulnerability in the company’s U.S. website and stole information such as social security numbers, birth dates, addresses, and driver’s license numbers. (Equifax maintains and develops its database by purchasing data records from banks, credit unions, credit card companies, retailers, mortgage lenders, and public record providers.)
Much about the situation would have been considerably different had this breach happened after May 2018, at which time the General Data Protection Regulation (GDPR) – a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) – goes into effect. Even though it is not headquartered in the EU region, Equifax would have come under the purview of GDPR, because it maintains and reports the data of British citizens. And the stringency of requirements and degree of implications would have been significantly higher for the credit rating agency.
Although not directly related to GDPR, another significant business impact is the sudden “retirement” of Equifax’s CEO less than three weeks after the breach was announced.
This massive cyber-attack is a wake-up call for the services industry. Starting today, operations and businesses must regard data protection regulations with the utmost importance. Non-compliance will not only harm firms financially, but also expose them to brand dilution and business continuity risks.
Some of the key imperatives for enterprises operating in the ever-so-stringent data protection space include:
- Know and understand the data security laws under which your enterprise falls, especially those such as GDPR that have far reaching impacts
- Redesign your business processes to incorporate privacy impact assessments to identify high risk processes
- Implement necessary changes in the contracts with third parties to incorporate the stricter requirements of consent
- Achieve process transformation to inculcate privacy by design; this includes risk exposure reduction by technological changes such as data minimization
- Appoint a Data Protection Officer to align the business goals with data protection requirements
- Make suitable changes in contracting and governance practices to ensure adequate emphasis on data protection
To learn more about the strategic impact of the EU GDPR on the global services industry, please read our recently released viewpoint on GDPR: “EU GDPR: Is There a Silver Lining to the Disruption.”