Earlier this summer the GDPR, or General Data Protection Regulation, superseded the European Data Protection Directive (EDPD) to become the new keystone of data protection in Europe.
Its broader scope includes consumer information from personal identifiers such as social security numbers, to data on a person’s race, politics, web browsing history, and even biometrics. GDPR’s expanded reach covers not only the data of citizens in all 28 EU member states, but also the data collected on EU citizens by any company worldwide – even if they don’t have a business presence in the EU.
Companies in the business of automated debt collection know that having access to a person’s most private financial information, credit card balances and debt load is highly sensitive. Industry regulations are already in place to protect individuals. But companies like Ireland-based Expert Revenue Systems (XRS) – which specializes in credit control, collections, debt recovery and litigation solutions – are under the gun to make sure they protect clients even further.
Whether based in America, the UK, Europe or Ireland, XRS works with credit unions, financial institutions, government entities, telecoms and utilities to cover all aspects of credit control. From early reminder letters to monitoring overdue accounts, to joining with its legal wing to obtain judgments and enforcement, if needed – XRS helps reduce costs and improve efficiencies so financial institutions can focus on their own customers.
XRS was seeking to comply with Article 32 of the GDPR, which requires a documented service level agreement (SLA) and recovery service with a four-hour Recovery Point Objective (RPO). Though they were already working with Sungard Availability Services (Sungard AS) for cloud services, their original contract for Managed Services did not meet XRS’ RPO. GDPR fines pose serious financial implications to businesses for unavailability of service (two to four percent of annual revenues).
The solution? Sungard AS introduced XRS to Cloud Recovery – Amazon Web Services with an SLA-backed service for disaster recovery, assuring availability and recoverability of service. Sungard AS Cloud Recovery – AWS lets customers combine the power of hyperscale cloud with the IT resiliency expertise of Sungard AS, leveraging the capability offered by CloudEndure technology into a complete recovery solution. This includes onboarding, implementation and ongoing monitoring and management. Workloads can be hosted on-premise or within another AWS Region, and then recovered to the customer’s desired AWS Region.
While XRS had limited experience with AWS, the concept of a high-quality and cost-effective SLA was highly appealing, and the Sungard AS Cloud Recovery – AWS solution now provides XRS with a four-hour Recovery Time Objective (RTO) SLA for their environment.
The result? XRS achieved GDPR compliance ahead of schedule. They offloaded SLA risk to Sungard AS by virtue of the Contracted RTO SLA of 4 hours and can re-sell this service level agreement as a part of their service, making them even more competitive in the market.
Additionally, XRS can offer their business greater protection against possible data corruption by leveraging AWS EBS snapshots, which provides recovery points every 10 minutes and 60 minutes, every day for 30 days. Full compliance with GDPR Article 32 was achieved in a timely fashion, enabling XRS to get back to the business of supporting its clients, as opposed to worrying about regulatory penalties.
GDPR may have proven to be a headache for some companies and a major hurdle for others. But for XRS, compliance is not just a requirement – it’s good business.