1. Problem

Since its implementation on May 25, 2018, it has gotten quiet around the European General Data Protection Regulation (EU GDPR) – at least in public. In IT departments, it is still a subject of lively discussions – and rightly so. EU GDPR makes storing data even more complicated. Before the regulation was passed, companies tended to store data and documents for as long as possible. Now, complying with GDPR also means being able to delete personal data if necessary.

Companies have to delete data if employees, customers or partners make use of their ‘right to be forgotten’ – only if there are no legal retention periods in place, of course. However, companies also need to delete data if they have no valid reason to collect or store them in the first place. EU GDPR therefore not only requires companies to be able to delete data, but also manage the entire lifecycle of customer data and information. To put it plainly: the regulation requires continuous retention management.

It is hard enough to comply with GDPR’s requirements in live systems. However, not all companies know that GDPR also pertains to all legacy systems.

2. Consequences

Identifying the to-be-deleted information and where it is stored is a cumbersome, time-consuming and expensive task. Considering heterogeneous and internationally dispersed IT landscapes, it seems nearly unmanageable in live systems.

However, even if companies tackle this challenge, they are far from finished. They have to consider their legacy systems as well. Many of them are not able to delete information as precisely as GDPR is mandating; not to mention that they aren’t equipped to manage the entire lifecycle of data and documents, either. Retrofitting them would be expensive and laborious – if it is even possible, that is.

3. Impact

The main problem with retention management in legacy systems is that users cannot manage the entire lifecycle of personal data and documents independently of the lifecycle of the systems they are stored in. Technologically speaking, retrofitting them is often impossible. High costs ensue, but the worst part is the legal liability – the EU GDPR does not distinguish between live and legacy systems, after all.

4. Solution

The solution to this problem is to extract data and documents from any legacy system – SAP, Baan, Peoplesoft, Microsoft Axapta, Oracle ERP or customized systems – and store them on a modern and neutral central platform – including their business context, like all invoices pertaining to a specific customer address. Consequently, the platform has to be able to reference information and their relation to each other so that users can interact with it like they did in the legacy system. This is what GDPR is calling for. Only if all data pertaining to e.g. employees or customers can be identified across all legacy systems, companies can delete them precisely and purposefully.

The platform also has to offer comprehensive functionalities for retention management. At the end of each lifecycle – for example after ten years for invoices – the platform recommends deleting these data and documents. A four-eye principle and retention management functionalities help to avoid deleting information too soon or by accident. If a customer demands the deletion of all his data, the platform identifies documents with valid retention periods and keeps them stored. This is also true for data and documents on legal hold. Of course, retention management also means seamlessly documenting every step of the way.

This Information Management Platform is called JiVS IMP. Through built-in retention management functionalities, it supports customers in complying with the EU GDPR. Customers can implement JiVS IMP in their own datacenters or in the public cloud. Supported environments include Google Cloud Platform, Amazon Web Services and Microsoft Azure. Customers can also choose from a wide array of common database management systems (DBMS), like IBM Db2, Oracle Database, Microsoft SQL Server, SAP IQ and many more.

5. Benefits for Customers

JiVS IMP ensures legal certainty in legacy systems, but customers can also expect additional benefits. The platform not only manages the entire lifecycle of personal customer data, but also all corporate information regardless of whether it is stored in commercial systems like ERP and CRM solutions or technical systems like PDM and PLM.

JiVS IMP also manages the lifecycle of the corporate Crown Jewels – intellectual property. As central platform, it is more easily secured against cyberthreats and data breaches than legacy systems, making business operations more secure.

Last but not least, JiVS IMP reduces operational costs by 80 percent or more compared to the continued operation of legacy systems.

6. Price and Availability

JiVS IMP is generally available. Functional scope and price will be determined on a project-per-project basis.