Vmoso and GDPR

 

With the introduction of GDPR just months away, it’s important that the systems you use for communication receive the same level of data protection scrutiny as your systems of record. Vmoso brings together internal and external communication, integrated to your systems of record, helping you meet your data protection obligations.

View Transcript

The General Data Protection Regulation or GDPR is a new set of data protection laws set to be introduced on 25th May 2018. It applies to all organisations in the European Union, and all organisations outside the EU that offer goods or services to individuals in the EU.

It aims to standardize data protection rules across the EU, and for most countries goes significantly beyond the previous national laws in place to establish a wider set of rights for individuals about the information organisations hold about them.

 

GDPR provides individuals with:

  • The right to be informed about the information organisations hold about them, and how it is used
  • The right of access to that information
  • The right to rectification of any incorrect data held
  • The right to erasure of the data
  • The right to restrict processing, limiting how data an organisation holds may be used
  • The right to data portability, allowing individuals to transfer their data from one service to another
  • The right to object to how their data is used, and
  • Rights in relation to automated decision making and profiling

 

As most organisations already comply with their data protection obligations, the processes and systems they have in place form a solid basis for ensuring GDPR compliance.

However, in recent years, changes in the way business communication takes place have often worked against organisations’ good intentions around data protection. While their systems of record are typically well-structured and enable organisations to comply with their data protection obligations, their internal and external communication systems are a different matter entirely.

 

GDPR describes how personal data and sensitive personal data is handled. When this remains in an organisation’s systems of record – their customer databases, CRM systems, finance systems , etc, it’s relatively easy to comply with GDPR’s provisions to protect the individual’s rights. The problems start when this personal data is held in, or copied to communication systems that are much less tightly regulated.

 

This problem has been exacerbated by a move away from email into wide range of new communication tools, often brought into the organisation by employees without IT approval. This trend towards “shadow IT” or “bring your own app” puts company data at risk, and makes it almost impossible for organisations to meet their data protection obligations. How can an organisation possible find, rectify or erase an individual’s data if it is scattered across a mish-mash of employee-chosen communication apps?

 

If this scenario sounds unlikely to you, think again. In the UK, one of the largest ever fines imposed by the Information Commissioner’s Office related to the breach of a customer database that had not been approved by the organisation’s IT department.  And it is widely acknowledged that NHS staff are regularly using WhatsApp to exchange patient data, often crossing the boundary of what constitutes “personal data”. Shadow IT is alive and well in most organisations, whether they know about it or not.

 

So all the good data protection work on your core enterprise systems could be undone if you fail to consider how personal data is included in your day to day business communication. One of the major changes GDPR brings is significantly increased fines for non-compliance. For example, Pharmacy2U’s fine of 130,000 in 2015 could have been 4.4m under GDPR. Talktalk’s 2016 fine of 400,000 could have been 59m under GDPR. In the new world of GDPR, no company can afford to ignore the risks of shadow IT.

 

Vmoso from BroadVision helps your meet your data protection obligations by consolidating your business communication in one place, removing the need for shadow IT communication solutions. Instead of messages being scattered across individual users’ email inboxes, or locked into unapproved communication apps like WhatsApp or Line, Vmoso stores all messages in a secure, cloud-based environment, making data discovery, rectification, and erasure straightforward.

 

Let’s look at an example.

 

Galaxy Telecom provides phone and broadband services to residential customers.

 

As Galaxy customer, Sarah is provided with a dedicated Vmoso customer service channel for all her communication.

She has reported a problem to Galaxy customer service, saying she’s unable to access certain websites and is being redirected to other sites.

 

Lloyd in the customer service team asks for details of which sites Sarah’s trying to access and where she’s ending up instead. During this discussion, Sarah confirms the IP address she’s currently using – this is something that GDPR classes as “personal data”.

 

As part of this discussion, Lloyd explicitly asks for Sarah’s consent to use the information provided to resolve the issue. A key requirement of GDPR is being able to demonstrate consent to use personal data, and receiving this consent in Vmoso provides a permanent record.

 

It’s now several months later. Galaxy have recently suffered a security breach of some customer data. They have, as GDPR requires, reported this to the relevant supervisory authority.

 

At the end of her contract, Sarah chose to switch suppliers so is no longer a Galaxy customer. But she hears about the breach in the news and is concerned that Galaxy may still hold some of her personal data. He asks Galaxy to provide her with all the information they still hold about her , and to delete it all.

 

Because all Sarah’s interactions with Galaxy have been through a persistent Vmoso customer service channel, this is trivially easy for Galaxy to do. Galaxy are able to provide Sarah with both the records from their core customer database, and a transcript of all the discussions they had with Sarah on Vmoso.

 

Galaxy’s use of Vmoso enables them to meet their GDPR obligations by providing Sarah with a rapid and comprehensive response.

 

But the impact of GDPR on communication systems isn’t just limited to customer service. It applies equally to any organisation inside or outside the EU that holds personal data about EU citizens, including cases such as:

  • HR departments retaining candidate information for recruitment
  • Charities maintaining lists of donors and volunteers
  • National and local government departments communicating with citizens.

 

With the introduction of GDPR just months away, it’s important that the systems you use for communication receive the same level of data protection scrutiny as your systems of record. Vmoso brings together internal and external communication, integrated to your systems of record, helping you meet your data protection obligations.

 

For more information about how Vmoso can help your organisation, contact us at sales@broadvision.com or broadvision.com/contact

 

Vmoso Enterprise Transformation Methodology

 

As organizations embark on programmes of digital transformation, managing collective knowledge is becoming more important than ever. Knowledge is increasingly lost in employees’ email inboxes, or fragmented across a chaotic assortment of new communication tools brought in to address email’s failings.

At BroadVision, we understand that getting your corporate knowledge under control is more than just a technology implementation programme. The Vmoso Enterprise Transformation (or VET) methodology is a 10-step iterative process that refines working practices and establishes Vmoso at the heart of your enterprise communication and collaboration.

VET help organizations:

  • Identify and integrate existing knowledge sources
  • Capture new knowledge at source and index it for easy access
  • Define collaborative processes to add accountability to business communication
  • Devise and report upon meaningful metrics that link directly to business objectives

We know that the hardest part of any project to adopt new technology is getting started. Many employees remained wedded to working practices that discourage effective collaboration and impede the flow of information around the company. The VET methodology engages with all participants and stakeholders to drive behavioural change alongside Vmoso product implementation.

Let’s take a look at the ten steps in one cycle of the VET methodology.

  1. First of all, it’s essential to gain a mandate for the project from the executive sponsor. Experience shows that without clear objectives from senior management, and commitment to make the people involved in the project available, it will be very hard to make the rest of the project successful. So before we do anything else, we need to establish project charter, endorsed by company management.
  2. Next, we audit the communication and collaboration tools currently in use, and who’s using them. Digital transformation is a journey, and to define a realistic destination, we need to understand where we’re starting.
  3. Then, we identify where the vast amount of collective knowledge in the organisation is currently stored, and decide whether that should be migrated to Vmoso, or left in place and integrated to Vmoso.
  4. In step 4, we specify the use cases that are going to be implemented in this iteration of the methodology. The priority here is choosing those cases where we are most likely to see the biggest benefit, based on what we discovered in steps 2 and 3.
  5. Then we design the knowledge architecture – how we are going to organise the information that will be held in Vmoso or integrated to it. This includes the Vmoso spaces, user groups and access control restrictions. We also map the business workflows we’ve identified in previous steps into Vmoso-based collaborative processes.
  6. Next, we plan the schedule for the adoption phases of the project. This includes any technical integration and customization work required, the training schedule, and the metrics that are going to be used to evaluate success.
  7. The length of the solution implementation itself will vary based on the amount of integration and customization work, so may be anything between a few days and many weeks, depending on decisions made earlier in the project.
  8. Next, we transfer knowledge to the project steering committee and then all project participants. This includes not just Vmoso product training, but how the new working practices will be applied.
  9. Then, of course, we need some time for the system to be used in the way it has been designed. The length of this phase can be anything between a few weeks and several months, with regular steering committee meetings to monitor progress.
  10. Finally, we evaluate the results of the project against the success criteria defined earlier. Inevitably, some things will have worked well, some less so – this is essential input into the next iteration of the project, which starts again back at the “gain mandate” step.

VET is a continuous improvement programme.  At BroadVision, we understand that behavioural changes take time and the end goal is only reached through a series of smaller steps. The results of one phase of the project feed directly into the definition of the next. Each iteration delivers invaluable data about which initiatives have worked, and which need to be reviewed. So the journey from noise and miscommunication to a streamlined “big knowledge” environment is taken gradually, not as one big leap.

BroadVision Global Services have been assisting leading enterprises around the world with their digital business initiatives for more than 20 years. Throughout the VET process, consultants from our Digital Transformation Group are here to help you. We’ll take part in your steering committee meetings, assist with project scoping and implementation, and training project participants.

The Vmoso Enterprise Transformation Methodology formulates and executes a clear, realistic, achievable plan for digital transformation of your communication, collaboration and engagement. It unlocks collective knowledge stored in fragmented systems across your organisation and introduces dynamic, collaborative processes to your business workflows.

Harnessing Corporate Knowledge In A Time of Digital Disruption

 

The entry to the market of disruptive “born digital” companies has both changed consumers’ expectations and disrupted incumbents’ business models, paving the way for a generalized Digital Transformation momentum across companies worldwide. At the heart of this disruption lies a superior ability to analyze data and to continuously deliver actionable information and superior customer experiences.

Vmoso Chatbot by Optimist

 

Vmoso Chatbot by Optimist enables companies to provide rapid, automated assistance to customers within the context of their ongoing relationship with the customer.

Show Transcript

Using the Optimist software, the chatbot can be taught how to handle requests for any type of industry.

 

In this video we’ll see how Galaxy Airlines uses the chatbot to help John, who’s planning a short trip to Los Angeles with his family.

 

John starts by asking the chatbot for some information about access to the VIP lounge. Using a bot to answer frequently asked questions like this saves time and cost for the customer service team, and gives the customer a faster response.

 

But the chatbot can also help with the more complicated task of booking a flight. Based on John’s requests, the chatbot is able to suggest an itinerary, and then revise it in response to John’s replies.

The chatbot can also upsell – so  offers to help John book ground transportation for when he arrives in LA.

 

By automating the response to frequently asked questions and assistance with the booking process, Galaxy Airlines reduces its customer service cost and delivers a faster response to its customers.

 

And because this all takes place within the Vmoso customer service channel, the discussion is retained for future reference for  both the chatbot and customer service staff.