Posted in Misc

May 25, 2018: The Birth of GDPR


Flooded with emails from companies describing how they’ve updated their Privacy Policy? You’re not alone. The GDPR goes into effect today and if a business isn’t compliant, then hefty fines and penalties await.

After about 4 years of contentious debate, on 8 April 2016, the EU data protection framework was finally adopted. As of today, it’s the law, – the General Data Protection Regulation (GDPR). It’s a law that’s sure to significantly overhaul Europe’s cornerstone data protection legislation at a time when technology-led information systems and digital businesses are creeping into every aspect of human life. The new EU GDPR replaces the existing Data Protection Directive 95/46/EC as of 25 May, 2018. The European Union aims to harmonize data privacy laws across Europe to empower its citizens and protect their data privacy. In addition to that, it also wants all organizations dealing with the personal data of EU citizens to change their perspective and approach towards data privacy.

Adopting the GDPR marks a major milestone in EU’s data protection laws.

Why the GDPR?

keys.pngThe rising concern of people and Governments regarding data privacy motivated the existence of GDPR. Europe, in general, has always been an aggressive protector of its citizens data. The Data Protection Directive that went into effect in 1995 controlled the way companies were using personal data of their users. Over the last two decades, Internet adoption has increased dramatically transforming the World Wide Web into a major business hub. It quickly became clear that the old directive was not enough to address the many challenges existing in the way businesses collect, store, and transfer data today.

Screen Shot 2018-05-25 at 2.07.52 PM.png
Source: RSA Data Privacy and Security Report

The reality is that public concern over data privacy has grown significantly. As per the RSA Data Privacy and Security Report, 80% of consumers felt that lost banking and financial data was their top concern. However, loss of security and identity information like passwords or passports was a close second and was an area of concern for 76% of surveyed participants.

Screen Shot 2018-05-25 at 2.08.08 PM.png
Source: RSA Data Privacy and Security Report

62% of all respondents said that they would blame the company and not the hacker if their personal data was breached – an alarming update for companies dealing with consumer data. The report concludes:

As modern consumers are better informed they expect more transparency and responsiveness from the stewards of their data.

One point in RSA’s report that directly relates to the existence of GDPR is particularly interesting. It demonstrates how consumers figured out their own countermeasures to deal with a company handling user data inappropriately. According to the report, about 41% of people intentionally falsify information while signing up for an online service. Lack of trust, security threats, a desire to avoid unwanted marketing emails and avoiding the possibility of having their data resold are the major concerns behind these countermeasures.

Screen Shot 2018-05-25 at 2.12.31 PM.png
Source: RSA Data Privacy and Security Report

Modern consumer mentality has evolved to where at they’ are in no mood to forgive a company for failing to prevent a data breach that exposes their personal data. In the U.S., about 72% respondents firmly stated that they will no longer visit or deal with a company that fails to protect their data. Conversely, about 50% of respondents say they are more likely to shop at a company that is serious about how it protects user privacy and safeguards their data.

With increased digital transformation, businesses make increasing use of digital assets, services, and big data. Additionally, consumers are sharing their personal information with a multitude of online platforms using different touch points. Therefore, it has become a key business imperative for a company to stay accountable, responsible, and transparent when it comes to protecting consumer data on a daily basis.

Who is Affected?

The GDPR is in effect from today (May 25, 2018)gdpr.png. The sweeping new set of changes will affect every company from technology to advertising and from medicine to banking. The biggest impact will be on companies holding and processing large amounts of consumer data: technology firms, marketers and the data brokers connecting with them. Additionally, companies whose business models are based on acquiring and exploiting consumer data at large scale are also expected to bear the largest burden.

If your company stores or processes information on EU citizens, then you are required to comply with the new GDPR, even if you do not have any business presence in EU.

The GDPR is applicable to your business or company if your business has

  • A presence in an EU country,
  • No presence in the EU but your business possesses data of EU citizens,
  • More than 250 employees,
  • Fewer than 250 employees but your data processing impacts the rights and freedom of data subjects, not occasional, or includes a certain type of sensitive personal data.

According to a PwC survey, over 90% of U.S. companies with more than 500 employees have taken GDPR compliance seriously.

Recently Propeller Insights conducted a survey sponsored by Netsparker to find out the companies that are expected to be most affected by the GDPR. 53% feel that the technology sector will be severely affected. Online retailers clocked in at 45%, software companies at 44%, SaaS software companies at 37% and companies dealing in retail/consumer packaged goods came in at 33%. The bottom line is: the EU is big and most companies deal with EU citizens either as employees, customers or partners and will be affected by the GDPR.

Effect of GDPR on Third-Party and Customer Contracts

In the new GDPR guidelines, equal liability is placed on data controllers and data processors. If you do business with a third party data processor, which is not in compliance with the GDPR, it means that your business has failed to comply with the GDPR. Besides, the new regulation has mandated strict rules for reporting data breaches that everyone in the data processing chain must abide by.

As a result of the GDPR, the contracts your business has with third parties like Cloud (IaaS) providers, SaaS vendors, or other support service providers and customers; must spell out the shared data protection responsibilities. Moreover, these revised contracts will have to define logical processes that will be used to manage and protect data along with the mechanisms that will be used to report data breaches.

Client contracts also need revision to, ensure these contracts adhere to the new GDPR changes. Business managers, I.T., and security team must understand and agree upon a compliant reporting process.

Ten Steps to Take TODAY

  • Top Management needs to trigger a sense of urgency: The top management in the company responsible for risk management must prioritize compliance with global data hygiene standards and infuse the entire organization with a sense of urgency.
  • Motivate Stakeholders to get involved: Your I.T. department alone is not responsible for preparing the entire organization to be GDPR compliant. Involve marketing, finance, sales, operations and other departments that collect, analyze or use consumer data. Their inputs and suggestions to handle and protect data will help the technical team to implement procedural changes effectively and speedily.
  • Hire a Data Processing Officer: Under new GDPR, it is not clear whether a DPO is a discrete position or not. You can either appoint someone within the company who has worked in a similar kind of role, who could ensure data protection with no conflict of interest or hire a new individual. You also have the option to work with a virtual DPO who could work as a consultant for your company.
  • Perform Risk Assessment: Assessing risks involved in collecting, processing and or managing EU citizen’s’ data is a major step towards GDPR compliance. Once a risk assessment has been performed, your business will understand the options available for mitigating these risks.
  • Mobile Security is a Must: In the modern I.T. environment, more than 68% employees access employee, customer, and partner data on mobile devices, which is a major threat to data protection leading to non-compliance with the GDPR. Employees download third-party applications on their work devices jeopardizing the security of consumer data. Implementing a mobile security framework to protect against unauthorized access to data on the mobile device is a critical component of GDPR compliance.
  • Create a concrete Data Protection Plan: In a perfect world, you already have a solid data protection plan in place. If not, you need to create one right away. If you already have a plan, kudos to you but you should review and update the plan for GDPR compliance.
  • Bring Together a System to Report Progress in GDPR Compliance: Article 30 of the GDPR regulation mandates companies to maintain a record of processing activities under its responsibility. To ensure your company is keeping accurate records you need to establish a team that can monitor places where personal data is being processed, who is processing it, and how it is being processed.
  • Implement Systems to Alleviate Risks: After identifying risks, you need to determine measures that will mitigate them, even if it means revising existing risk mitigating systems. Spotting and investigating the risks associated with data processing and regulating the needed level of security required to protect data becomes easier for the GDPR once you have taken an inventory of risky applications and understood how data is being processed in your organization (Step 7 above).
  • Setup and Test an Incident Response Plan: Under the GDPR, companies need to provide a detailed report regarding any breach of personal data to their local data authority ‘without undue delay’ (within 72 hours of becoming aware of the breach). Don’t wait for an actual data breach to occur – setup a response team and perform drills to make sure it works as planned.
  • Comply with GDPR by eyeing Business Benefit: Undoubtedly, complying with the GDPR will provide a competitive edge to your business. Compliance will not only enhance ROI but will also help in boosting consumer confidence. Moreover, the technical and process changes you will bring about to comply with the GDPR will enhance your organizations’ efficiency to manage and secure data.


The GDPR is here. Compliance is a daunting task; it’s difficult to understand where to start; especially when every facet of the business from staff training to data security audits are involved. This blog will definitely help you to understand GDPR better and implement measures that will make your organization GDPR compliant.


After hours of brainstorming sessions, poring over documents, legal reviews and many gallons of coffee, we are proud to announce that, effective May 25, 2018, frevvo complies with the GDPR.

You can learn more and obtain a Data Protection Addendum (DPA) by visiting our GDPR site.

Posted in Product

frevvo + box: Automatically save documents to box

In recent articles, we talked about how you can easily connect your frevvo forms and workflows to Google Drive and use it as a low-cost ECM system. While frevvo also works with more traditional ECM systems, we’ve noticed that some of our customers prefer to use for their enterprise grade data and information security (HIPAA, PCI compliance etc.). Naturally they want to save documents (Student Registrations, Purchase Orders, W-4, Patient Referrals etc.) generated by automated frevvo forms and workflows to their secure box storage. We’re getting ready to release a box connector in V7.1 to enable this.

The steps are straightforward. Obviously, you must have a box account and will need the connector installed and configured (it’s already done for you if you’re using frevvo Cloud). Once that’s all setup:

Connect a frevvo form or workflow to your box account
  1. Login to your box account and create a folder for this workflow.
  2. Create your form or flow as usual. Generate a frevvo-PDF, map to your custom PDFs, upload attachments etc. Then, open the box wizard.
  3. Enter your box account.
  4. You’ll be redirected to login to box if necessary.
  5. Select the folder you just created in Step 1, setup a submission folder name (typically, this is set dynamically using form fields) and select the documents you want to upload (Snapshot PDF, XML data, uploaded files and generated PDFs).
  6. Use the form/flow normally, fill in data, sign the form etc. and submit it.
Files for each workflow submission are uploaded automatically in the proper subfolder

Now, login to your box account and navigate to the folder you created earlier in Step 1 above. See that it now contains a subfolder. The subfolder is dynamically named based on form data e.g. FirstName Initial_LastName. Every time a workflow is submitted a new subfolder will be created in this parent folder.

Generated W-4

Inside the subfolder, you’ll see the uploaded files e.g. the frevvo generated PDF and a Federal W-4. You can click on the PDF to preview it directly in the box UI.

That’s all there is to it. Interested in learning more? Visit our website to view examples, watch videos, sign up for a free 30-day trial or contact us anytime for more details.

Posted in Forms

Google Drive as a low-cost ECM?

google-apps-for-work-logo-2My colleague Prajakta just published a 6-part series of articles on frevvo + Google Apps (Part 1 is here and contains links to the others).

I also came across a Forrester Wave report (The Forrester WaveTM: ECM Business Content Services, Q3 2015: Our Evaluation Of 11 ECM Vendors And How They Stack Up) while working with another ECM vendor. It contains the following key takeaway:

Business Content Services Emphasize Document Sharing, Collaboration, And Usability

That got me thinking. At frevvo, we use Google Drive quite extensively for collaboration and sharing around documents. But, we also use it as a low-cost [Enterprise] Content Management system. It works for us because our own internal forms and workflows are integrated with Google Drive (Apps).

Cloud-based document sharing systems like Google Drive tend to focus on basic document storage and retrieval e.g. sharing your pictures from that trip to the Amazon. Even if you’re looking to share and collaboratively access business documents, Google Drive can do a decent job of that.

But the highest value is realized when these functions are properly integrated in with automated workflows (and the associated forms). Without e-forms and workflow, Google Drive is nothing more than a glorified network drive albeit. Very useful (secure, backup etc.) and incredibly affordable no doubt. But, it’s not even close to ECM and will produce very little by way of cost & time savings or productivity enhancements by itself.

That’s where frevvo can help. You can combine frevvo + Google Apps in many ways to create really useful solutions:

  • Electronic Signatures – sign permission slips, sales orders and leave approvals electronically and save them to Google Drive.
  • Dynamic Content – create dynamic pick lists from a Google Sheet, update it after submission, get mileage info from Google Maps.
  • Simple Content Export – create relatively simply forms and workflows that just save submissions to a Google Sheet. You can perform all the usual functions on the data to analyze it.
  • Automated Approvals – this is where the real value comes in. Digitize core day-to-day operations – forms/documents that are routed between various people in your organization for approvals.

Read more in Prajakta’s series of blog articles (Part 1 here).

Again, Google Drive (and Apps) by itself is not really an Enterprise Content Management system. But, by combining frevvo with Google Sheets, Maps, Drive and other APIs, customers can easily create their own unique online forms and digital workflows that meet real-world business requirements, work automatically on mobile, are cloud-based and securely save the documents to Google Drive. Once in Drive, the documents can be managed, shared and searched.

The combination gets you closer to having ECM-like functionality at an incredibly affordable cost.

Learn more by visiting our website and sign up for a free 30-day trial account.

Posted in Approval Process, Excel, Financial Process Automation, HR Process Automation, Workflows

ROI in less than 3 months

roi-1Sometimes, we get asked in the sales process about the ROI (Return on Investment) of buying and implementing a digitized frevvo workflow vs continuing with the current way of doing things. Typically, this means sending an Excel or PDF document around by email for approvals.

Emailing Excel and PDF documents for approvals is incredibly expensive.

The manual approach is fraught with problems:

  • How do you ensure that you have the latest version? Shared folder? Intranet?
  • How do you actually get the approvals? Via e-mail? Schedule a meeting? What happens if someone is on vacation or fails to respond in a timely manner? What if there’s an error? More e-mail?
  • What if a signature is required? Attachments? Does this mean printing, signing and scanning?
  • How do you keep track of and formally record who has approved the document? Save multiple e-mails? Meeting notes?
  • What will happen months from now when you need to find the signed and approved document?

An automated approval workflow from frevvo can quickly save you a lot of money. In most cases, you will start seeing ROI with frevvo in less than 3 months (even faster at higher volumes). Check out this ROI calculator for a Purchase Requisition or click on the image to see how frevvo can save you $$$.

As a bonus, you’ll have happier employees who can focus on customers and new business opportunities rather than chasing down paper. Interested? Contact us now to learn more.


Posted in Approval Process, Cloud, Workflows

Top I.T. Teams embrace digital and tech trends

Salesforce Research’s 2016 State of I.T. report is filled with interesting observations. More key findings:

High performers are 4.2X more likely to implement digital transformation across their company.

Source: Salesforce Research 2016 State of I.T. Report

I.T.’s role has clearly evolved dramatically from just “keeping the lights on” to acting as innovation leaders and digital experts. The most innovative and successful I.T. organizations are expected to deliver cutting-edge customer-driven applications.

Yet, they still need to deliver on typical internal needs. Key needs such as improving worker efficiency, data visibility and automating routine, everyday business processes still top the charts when it comes the top outcomes I.T. teams strive to achieve.

Source: Salesforce Research 2016 State of I.T. Report

Whether it’s internal productivity applications or external customer-facing applications, the facts are that everyone expects modern and mobile technology with a beautiful user experience.

As a result, top teams are not afraid to take risks. In fact:

High performers are 3.7X more likely to excel at staying ahead of technology trends.

Learn how you too can get started implementing game-changing solutions for your organization. Check out these Purchase Order (~7m) and Employee On-Boarding (~8m) videos. See how you can start with a pre-built frevvo template and, in a matter of minutes, have a fully automated workflow that works on all devices, provides a great user experience, and can instantly help improve employee efficiency.

Posted in Cloud

Hybrid Cloud Adoption has hit its stride

Rightscale just released their brand new 2016 State of the Cloud Survey with some interesting insights. It affirms what many other reports have concluded: Cloud Adoption is growing and

Hybrid Cloud is the preferred strategy in enterprises.

hybrid-201671% of companies are using hybrid cloud environments. It makes sense: for Cloud Apps to be truly useful, they need access to internal systems. That’s just common sense. We see our customers choosing hybrid cloud for many reasons but the most important one is:

Business processes running in the cloud are far more effective if they’re integrated with important data in business systems such as HR systems, databases and authentication systems.

These systems won’t go to the Cloud overnight for sure and maybe not for years. Hybrid Cloud is then obvious. If you’re a CIO, you can take an incremental approach and start seeing benefits quickly without having to move internal business systems and data wholesale to the cloud.

Our customers are increasingly taking advantage of this approach. We provide a Database Connector, secure Active Directory/LDAP support, Microsoft Azure AD, SAML for single sign on, a File Connector so you can save files to a network drive, and a Google Apps Connector so you can update a Google Sheet and/or upload files to Google Drive.


Visit our website to learn more and sign up for a free 30-day trial.

Posted in Approval Process, Customers, Financial Process Automation, Higher Ed, HR Process Automation

Let’s build a Smarter Business

IBM says “Let’s build a Smarter Planet” – from Governments to cities to buildings to water. That’s great – it’s a big idea and a massive initiative. I hope we can get there soon.

But, what about somewhat humbler initiatives? At frevvo, we’re a heckuva lot smaller than IBM. I’m betting that your company’s a lot smaller than a Government or a city too. But, together, we can still build a Smarter Company, a Smarter Small Business or even a Smarter Department. Many of our customers are already doing it.

Higher Education

In a Smarter University, students can do everything on their phone. The clientele is often millenials. They’re comfortable with technology and live on their mobile devices. Many Universities are already using frevvo (Syracuse, La Cité College, Harvard, NYU, University of California, and others) for Student Registration, Internship Applications, and internal HR/Finance workflows. Students love using mobile devices and not having to stand in line. Smarter Universities save students time and serve them better.

smartrealestateReal Estate

A Smarter Brokerage doesn’t waste associates’ time in duplicate data entry and signatures for MLS listings. You’d think every real estate agency would want the listing process to be ultra-efficient. After all, you can’t sell property unless it’s listed. See how two of our customers (Jameson Sotheby’s International Realty and Kuper Sotheby’s International Realty) are using frevvo to become smarter firms.

smartfinancialFinancial Processes

With Smarter Financial Processes, you get paid faster and speed up procurement for important initiatives. Customers like Hellmann Worldwide Logistics and Escondido Union School District are using frevvo today for completely automated Purchase Requisitions, Sales Orders and Expense Reports and implementing smarter financial processes.

smarthrHR Processes

Smarter HR Processes mean happier employees and customers. Customers like OSRAM Sylvania and Safeway Groceries have digitized HR approval processes like Salary Changes, Shift Modifications and Leave Approvals using frevvo. As a result, employees spend less time on paperwork and chasing down signatures. That gives them more time to focus on customers and new business opportunities. Everyone’s happier.

From satisfied employees to happy customers to business speed and agility to improved visibility and control, there are immense payoffs to becoming a Smarter Business. Why not try frevvo yourself? Contact us now for more information.

Posted in Financial Process Automation

Financial Process Automation: you’ll come for the costs but stay for the productivity


Research shows that digitizing reduces invoice processing (procure-to-pay) and sales order processing (order-to-cash) costs by anywhere from 50-60%. Impressive numbers indeed. Automating day-to-day financial processes in the cloud means you can process invoices, sales orders, expense reports etc. without worrying about the costs of servers, software, maintenance, upgrades and other hardware.

Many frevvo customers are automating their financial processes and lowering costs. But, what they’re finding as they go along is that the payoffs in increased productivity are vastly more compelling. Here’s what they tell us (see Case Studies for more):

  • Happier Employees: Your employees are so much happier now that they’re freed from error-prone, tedious data entry tasks. Automatic calculations, instant validation, PDF generation, no more duplicate data entry or signatures – it just makes for less frustrated and more productive people.productivity-circle-icon
  • Mobile Enablement: Our customers love that their forms/workflows simply work on mobile devices. But, they’re equally appreciative of the fact that they work well. Business forms are often large and complex and the time and effort we have put into people-first design ensures that the end product is usable and gets used rather than becoming yet another piece of “shelfware”.
  • Business Speed: Sales Orders, Invoices, Expense Reports get processed faster. You get cash sooner, avoid penalties & side effects of late payment and reimburse employees in a timely manner.
  • Improved Visibility and Control: Searching, tracking,and auditing are all much easier when everything’s electronic. You’ll feel the benefits all over the organization by virtue of facilitating access, sharing knowledge, promoting employee flexibility and improving business continuity.
  • Compliance: Digitizing obviously helps improve compliance. It’s far easier to ensure that documents can be retained, retrieved, audited or destroyed according to your business policies.
  • Business AgilityWhen employees spend less time on paperwork and tedious tasks, they’re freed up to respond to customers. In today’s world, you must be able to react to customer feedback and take advantage of new opportunities as soon as they come up. It’s critical for growth and the consequences of not being agile can quickly become disastrous.

Interested in learning more and automating your own financial processes?Learn more by visiting our website. Explore some of the examples, read customer success stories and contact us for more details.

Posted in Usability

Unsuck the Enterprise


There’s something strangely appealing about trying to make enterprise software not universally despised. I guess I believe in a utopian vision where enterprise software is useful, usable, and (gasp!) enjoyable.

– Rian van der Merwe in a great post about Enterprise UX.

I came across this article a while back and it really hits home for me. There’s no doubt about it. Enterprise UX sucks mainly because it’s practically impossible for enterprise developers, who are usually under extreme pressure, to prioritize sexy screens and fast page load times. The result is a terrible user experience and dissatisfied users.

Similarly, blindly following the latest paradigm like mobile first also leads to a terrible user experience e.g. Windows 8 on a desktop computer.

Prioritize how people use applications

That’s exactly at the core of what we do – People First Design. Customers use frevvo to create enterprise applications like Employee On-Boarding and Purchase Requisitions. The designer is typically not a professional developer but a business engineer. For our product, that means:

Let the business engineers design forms and flows to meet business requirements. We’ll take care of providing the natural user experience everywhere.

Great looking, highly usable enterprise applications don’t have to take too long and cost too much. It’s not easy to do (even Amazon and Google don’t always get it right in spite of their vast resources). We’ve invested tons of effort in this area. From the obvious things like responsive layouts and mobile aware controls to a host of smaller details like slightly bigger buttons/controls that are much more usable on touch screens and decorators that provide extra quality, we’ve done the work to make sure that your users will get a beautiful and enjoyable UX.

We’ll continue to invest more so you don’t have to worry about it. We’d love to hear from you. Contact us for more information.

Posted in Approval Process, Cloud

Cloud is moving UP the value chain

cloud3Cloud has obviously become ubiquitous. As we saw in Verizon’s Enterprise Cloud 2016 report, there isn’t much advantage anymore to simply using cloud.

Much of the initial value of cloud came from unplugging traditional data centers and eliminating hardware. Organizations now simply click a few buttons and presto! you have new servers. It’s easy to quantify this value – the costs of servers, the time to setup and maintain them as well as physical data centers etc. But everyone’s doing it now.

What about the future? How will cloud allow us to tackle far more complex challenges? As cloud technology advances, early adopters are already realizing new kinds of value from:

  • Automation and the resulting efficiency
  • Business Agility – focus on customers and new opportunities rather than wasting time on chasing down signatures and figuring out how data is stored.

Beyond hardware and data centers, cloud environments enable efficiencies reaching further up the stack than ever before. Managed Service Providers can automatically monitor production systems and perform administration tasks – you pay only for the level of service you need for each system and scale up/down in real time. On the DevOps front, cloud enables a more continuous model again by automating administration. The result is quicker release cycles and higher quality systems.

Further up the stack, Cloud is a key enabler for reengineering and automating business processes on mobile devices. When everyday approvals such as Purchase Orders, Employee On-Boarding, Patient Referrals etc. are digital, you’ll free employees from tedious, time-wasting tasks like tracking down approvals and let them focus on customers. More importantly, they’ll be able to react quickly to take advantage of new opportunities. A potential game-changer for your organization.

Watch a 4.5 minute video

Going even further, once you have this kind of automation enabled by cloud, you’ll be able to take advantage of business insights and intelligence to identify the bottlenecks, streamline operations. Even more important, with predictive analytics, you might learn what you should be doing before you need it rather than simply being reactive.

Cloud-based automation is the first step in the feedback loop you need to drive business strategy and make correct business decisions or risk being left behind.