Higher Education administrative costs have grown dramatically and faculty spend too much of their time (more than 30% in many cases) on non-academic activities.
Using frevvo, our University customers have automated day-to-day administrative workflows from expense reports to travel authorizations to purchase requisitions. They’re able to track and manage them better and dramatically reduce wasteful manual work and costs. They love the visual, low-code designers, dynamic behavior, and built-in mobile but also love the speed and ROI of digital transformation.
Watch this 2m explainer video to see how they’re using frevvo’s drag-and-drop software to easily digitize forms and workflows and free up faculty time to focus on students.
Many K-12 schools (public and private) use frevvo to automate routine day-to-day workflows from travel authorization to permission slips to absence records. They love capabilities like the visual, low-code designers, dynamic behavior, and built-in mobile but also love the speed and ROI of digital transformation.
Watch this short 2m explainer video to see how they’re getting rid of paper- and email-based processes, converting them to digital and freeing up teachers and staff to focus on students instead of chasing signatures.
After about 4 years of contentious debate, on 8 April 2016, the EU data protection framework was finally adopted. As of today, it’s the law, – the General Data Protection Regulation (GDPR). It’s a law that’s sure to significantly overhaul Europe’s cornerstone data protection legislation at a time when technology-led information systems and digital businesses are creeping into every aspect of human life. The new EU GDPR replaces the existing Data Protection Directive 95/46/EC as of 25 May, 2018. The European Union aims to harmonize data privacy laws across Europe to empower its citizens and protect their data privacy. In addition to that, it also wants all organizations dealing with the personal data of EU citizens to change their perspective and approach towards data privacy.
Adopting the GDPR marks a major milestone in EU’s data protection laws.
Why the GDPR?
The rising concern of people and Governments regarding data privacy motivated the existence of GDPR. Europe, in general, has always been an aggressive protector of its citizens data. The Data Protection Directive that went into effect in 1995 controlled the way companies were using personal data of their users. Over the last two decades, Internet adoption has increased dramatically transforming the World Wide Web into a major business hub. It quickly became clear that the old directive was not enough to address the many challenges existing in the way businesses collect, store, and transfer data today.
The reality is that public concern over data privacy has grown significantly. As per theRSA Data Privacy and Security Report, 80% of consumers felt that lost banking and financial data was their top concern. However, loss of security and identity information like passwords or passports was a close second and was an area of concern for 76% of surveyed participants.
62% of all respondents said that they would blame the company and not the hacker if their personal data was breached – an alarming update for companies dealing with consumer data. The report concludes:
As modern consumers are better informed they expect more transparency and responsiveness from the stewards of their data.
One point in RSA’s report that directly relates to the existence of GDPR is particularly interesting. It demonstrates how consumers figured out their own countermeasures to deal with a company handling user data inappropriately. According to the report, about 41% of people intentionally falsify information while signing up for an online service. Lack of trust, security threats, a desire to avoid unwanted marketing emails and avoiding the possibility of having their data resold are the major concerns behind these countermeasures.
Modern consumer mentality has evolved to where at they’ are in no mood to forgive a company for failing to prevent a data breach that exposes their personal data. In the U.S., about 72% respondents firmly stated that they will no longer visit or deal with a company that fails to protect their data. Conversely, about 50% of respondents say they are more likely to shop at a company that is serious about how it protects user privacy and safeguards their data.
With increased digital transformation, businesses make increasing use of digital assets, services, and big data. Additionally, consumers are sharing their personal information with a multitude of online platforms using different touch points. Therefore, it has become a key business imperative for a company to stay accountable, responsible, and transparent when it comes to protecting consumer data on a daily basis.
Who is Affected?
The GDPR is in effect from today (May 25, 2018). The sweeping new set of changes will affect every company from technology to advertising and from medicine to banking. The biggest impact will be on companies holding and processing large amounts of consumer data: technology firms, marketers and the data brokers connecting with them. Additionally, companies whose business models are based on acquiring and exploiting consumer data at large scale are also expected to bear the largest burden.
If your company stores or processes information on EU citizens, then you are required to comply with the new GDPR, even if you do not have any business presence in EU.
The GDPR is applicable to your business or company if your business has
A presence in an EU country,
No presence in the EU but your business possesses data of EU citizens,
More than 250 employees,
Fewer than 250 employees but your data processing impacts the rights and freedom of data subjects, not occasional, or includes a certain type of sensitive personal data.
According to aPwC survey, over 90% of U.S. companies with more than 500 employees have taken GDPR compliance seriously.
RecentlyPropeller Insights conducted a survey sponsored by Netsparker to find out the companies that are expected to be most affected by the GDPR. 53% feel that the technology sector will be severely affected. Online retailers clocked in at 45%, software companies at 44%, SaaS software companies at 37% and companies dealing in retail/consumer packaged goods came in at 33%. The bottom line is: the EU is big and most companies deal with EU citizens either as employees, customers or partners and will be affected by the GDPR.
Effect of GDPR on Third-Party and Customer Contracts
In the new GDPR guidelines, equal liability is placed on data controllers and data processors. If you do business with a third party data processor, which is not in compliance with the GDPR, it means that your business has failed to comply with the GDPR. Besides, the new regulation has mandated strict rules for reporting data breaches that everyone in the data processing chain must abide by.
As a result of the GDPR, the contracts your business has with third parties like Cloud (IaaS) providers, SaaS vendors, or other support service providers and customers; must spell out the shared data protection responsibilities. Moreover, these revised contracts will have to define logical processes that will be used to manage and protect data along with the mechanisms that will be used to report data breaches.
Client contracts also need revision to, ensure these contracts adhere to the new GDPR changes. Business managers, I.T., and security team must understand and agree upon a compliant reporting process.
Ten Steps to Take TODAY
Top Management needs to trigger a sense of urgency: The top management in the company responsible for risk management must prioritize compliance with global data hygiene standards and infuse the entire organization with a sense of urgency.
Motivate Stakeholders to get involved: Your I.T. department alone is not responsible for preparing the entire organization to be GDPR compliant. Involve marketing, finance, sales, operations and other departments that collect, analyze or use consumer data. Their inputs and suggestions to handle and protect data will help the technical team to implement procedural changes effectively and speedily.
Hire a Data Processing Officer: Under new GDPR, it is not clear whether a DPO is a discrete position or not. You can either appoint someone within the company who has worked in a similar kind of role, who could ensure data protection with no conflict of interest or hire a new individual. You also have the option to work with a virtual DPO who could work as a consultant for your company.
Perform Risk Assessment: Assessing risks involved in collecting, processing and or managing EU citizen’s’ data is a major step towards GDPR compliance. Once a risk assessment has been performed, your business will understand the options available for mitigating these risks.
Mobile Security is a Must: In the modern I.T. environment, more than 68% employees access employee, customer, and partner data on mobile devices, which is a major threat to data protection leading to non-compliance with the GDPR. Employees download third-party applications on their work devices jeopardizing the security of consumer data. Implementing a mobile security framework to protect against unauthorized access to data on the mobile device is a critical component of GDPR compliance.
Create a concrete Data Protection Plan: In a perfect world, you already have a solid data protection plan in place. If not, you need to create one right away. If you already have a plan, kudos to you but you should review and update the plan for GDPR compliance.
Bring Together a System to Report Progress in GDPR Compliance: Article 30 of the GDPR regulation mandates companies to maintain a record of processing activities under its responsibility. To ensure your company is keeping accurate records you need to establish a team that can monitor places where personal data is being processed, who is processing it, and how it is being processed.
Implement Systems to Alleviate Risks: After identifying risks, you need to determine measures that will mitigate them, even if it means revising existing risk mitigating systems. Spotting and investigating the risks associated with data processing and regulating the needed level of security required to protect data becomes easier for the GDPR once you have taken an inventory of risky applications and understood how data is being processed in your organization (Step 7 above).
Setup and Test an Incident Response Plan: Under the GDPR, companies need to provide a detailed report regarding any breach of personal data to their local data authority ‘without undue delay’ (within 72 hours of becoming aware of the breach). Don’t wait for an actual data breach to occur – setup a response team and perform drills to make sure it works as planned.
Comply with GDPR by eyeing Business Benefit: Undoubtedly, complying with the GDPR will provide a competitive edge to your business. Compliance will not only enhance ROI but will also help in boosting consumer confidence. Moreover, the technical and process changes you will bring about to comply with the GDPR will enhance your organizations’ efficiency to manage and secure data.
The GDPR is here. Compliance is a daunting task; it’s difficult to understand where to start; especially when every facet of the business from staff training to data security audits are involved. This blog will definitely help you to understand GDPR better and implement measures that will make your organization GDPR compliant.
After hours of brainstorming sessions, poring over documents, legal reviews and many gallons of coffee, we are proud to announce that, effective May 25, 2018, frevvo complies with the GDPR.
It’s a common requirement among our customers – they love the advantages of online workflows such as dynamic behavior and built-in mobile but need to generate their own PDF document. For example, a Federal W-4 or I-9 during Employee On-Boarding. With frevvo, you don’t have to choose.
Join us on this webinar on June 7 at 1.00 PM EDT. In just 45 minutes (including Q&A), we will:
show you examples that customers are using today, and
demonstrate how you can drag & drop to easily create your own custom PDFs.
You can generate multiple PDFs, conditionally generate some PDFs and not others (e.g. a state W-4 depending on which state the employee resides in), save these PDFs in back end systems, send them by email etc.
In the last post, we described how to integrate a frevvo form/workflow with Quickbooks to create a new customer. Another common integration we see is with Salesforce. Similar to the Quickbooks integration, you can use the combination of Google Sheets + Zapier to make things happen in Salesforce when a frevvo form/workflow is submitted.
For example, let’s say you want to create a new Lead in Salesforce. The process is very simple and similar to the Quickbooks example.
1. Create your Google Sheet
Our example has several fields as shown above and test data in the first row. Make sure yours has a header row and at least one row of sample data. The columns in your sheet will depend on your Salesforce Lead fields. You must have a column for each required Lead field.
2. Create a Zap (in Zapier) and setup Google Sheets
Select Google Sheets as the trigger app, choose “New Spreadsheet Row” as the trigger, connect your Google Account, choose the Spreadsheet and Worksheet and pull in the sample row you created earlier.
3. Connect the Action of the Zap to Salesforce
Choose Salesforce as the Action App, select the Create Lead action, connect your Salesforce account, map fields to setup the Salesforce Lead template, and run a Test. Assuming the test is successful, give your zap a name and activate it.
4. Create your frevvo form or workflow and connect it to Google Sheets
Create the frevvo form with the appropriate fields and connect it to Google Sheets using the Save to Google Sheets wizard. When the form is submitted, a row is created in your Google Sheet. After a few minutes, the Zap will pick up the new row from the sheet and create your new Salesforce lead.
That’s all there is to it. With frevvo + Google Sheets + Zapier, you can easily and affordably integrate with 1000s of applications that Zapier supports without writing a single line of code.