Tag

Europe

The Equifax Data Theft: What if GDPR were in Force? | Sherpas in Blue Shirts

By | Blog, IT Security, Outsourcing

The high entropy data protection space has once again gained headlines after Equifax, the U.S- based consumer credit reporting agency, revealed that a July 2017 theft compromised more than 143 million American, British, and Canadian consumers’ personal data. The data breach incident, one of the worst cyber-attacks in history, was conducted by hackers who exploited a vulnerability in the company’s U.S. website and stole information such as social security numbers, birth dates, addresses, and driver’s license numbers. (Equifax maintains and develops its database by purchasing data records from banks, credit unions, credit card companies, retailers, mortgage lenders, and public record providers.)

Much about the situation would have been considerably different had this breach happened after May 2018, at which time the General Data Protection Regulation (GDPR) – a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) – goes into effect. Even though it is not headquartered in the EU region, Equifax would have come under the purview of GDPR, because it maintains and reports the data of British citizens. And the stringency of requirements and degree of implications would have been significantly higher for the credit rating agency.

GDPR and Equifax

Although not directly related to GDPR, another significant business impact is the sudden “retirement” of Equifax’s CEO less than three weeks after the breach was announced.

This massive cyber-attack is a wake-up call for the services industry. Starting today, operations and businesses must regard data protection regulations with the utmost importance. Non-compliance will not only harm firms financially, but also expose them to brand dilution and business continuity risks.

Some of the key imperatives for enterprises operating in the ever-so-stringent data protection space include:

  • Know and understand the data security laws under which your enterprise falls, especially those such as GDPR that have far reaching impacts
  • Redesign your business processes to incorporate privacy impact assessments to identify high risk processes
  • Implement necessary changes in the contracts with third parties to incorporate the stricter requirements of consent
  • Achieve process transformation to inculcate privacy by design; this includes risk exposure reduction by technological changes such as data minimization
  • Appoint a Data Protection Officer to align the business goals with data protection requirements
  • Make suitable changes in contracting and governance practices to ensure adequate emphasis on data protection

To learn more about the strategic impact of the EU GDPR on the global services industry, please read our recently released viewpoint on GDPR: “EU GDPR: Is There a Silver Lining to the Disruption.”

How Will Brexit Impact Your Europe Delivery Strategy? | Sherpas in Blue Shirts

By | Blog, Outsourcing

On June 23, 2016, the United Kingdom (U.K.) voted to leave the European Union (EU) through a referendum, also known as “Brexit.” Indications over the last few months are that it will be a “hard Brexit,” wherein the U.K. makes a clean break from the EU’s common market. If that happens, we can anticipate the following major changes to the global services operating environment:

  • Passporting for companies will become tougher: Banks and financial institutions in the U.K. will find it more challenging to operate/set up new centers across countries in the region, as the U.K. will no longer be a part of the EU free trade market
  • Talent movement across U.K. borders will be a challenge: People will require separate work visas to work in the U.K. and continental Europe. Although this is expected to apply to new work visas, changes to visas for people currently working in these countries are still uncertain.

As many global companies leverage the U.K. and countries in continental Europe to deliver services to all of Europe, passporting and talent movement restrictions could have a significant impact on their business strategy, regardless of their operating location in the region.

Potential Brexit impacts on companies operating in the U.K. and EU

In the wake of the uncertainty, global companies that are planning to service their European customer base would prefer setting up their GICs/back-office centers in continental Europe instead of the U.K. This might cause a surge in back-office activity in continental European locations, and talent demand for multiple IT and business process functions in those countries might go up.

Additionally, companies that are currently operating in the U.K. and the rest of Europe will need to prepare for possible legal/policy changes, and will need to expedite visa, HR, and administrative processes for their employees. We expect this to lead to increased demand for back-office activity in the U.K. and continental Europe.

Moreover, with talent movement restrictions becoming a possibility, companies currently operating only in the U.K. might need to rethink their talent hiring strategy in the region, especially for language-specific needs that were previously easy to fulfill.

To paint a picture of the potential Brexit impacts, following are several sample scenarios about companies operating in the U.K. and EU, and their possible decisions pre- and post-Brexit.

Brexit decision scenarios

What lies ahead for those impacted by Brexit decisions

Until the exact Brexit-related policy changes become clearer, global companies might delay or shelve their investment decisions for the U.K. and rest of Europe. They might also possibly move toward greater levels of automation in their business operations to mitigate potential risks.

While it will be a wait and watch game over the next 10-12 months for companies operating in the U.K. and EU, they’ll need to keep their eyes carefully trained on developments in order to create effective strategies for dealing with the possible changes in the near- and long-term.
For a more detailed discussion on the topic, please refer to the recently released Everest Group viewpoint, “The Road Ahead: A Global Services Perspective on the Impact of Brexit. ”