Digitising business processes and data protection function
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
This week’s piece covers the importance of digitalising business processes and how data protection plays a big part in that process.
Let me start with a scenario I experienced at a particular registrar’s on Ajose Adeogun, Lagos. My dividends for some companies remained unpaid for months. This registrar acts as a subsidiary that manages such issues.
I got to the building, and the gentleman at the gate gave me a form to fill. The form requires my passport photograph, my biometric verification number (BVN), my bank account details, my telephone number and my house address.
I asked the man if there was no other way to get my dividend without filling this extreme data intrusive form, he answered politely: “no, sir.”
I played to the request of the company. I affixed my photograph and filled in the details. I went back and submitted the form to the gentleman at the gate and he asked me to wait for some minutes.
By this time, there was a queue. The same gentleman issued out the same form to everyone. Then he disappeared with my form.
As I waited, I thought of various possible scenarios, what if the man takes a picture of the information on that form? The gentleman came back and asked that I write my old address. He claimed that there was no way “the person” inside could assess further information. I gave the address.
Others with the same issue filled out forms, and I even saw someone pass his international passport. This gentleman at the gate, on a per-second basis, is exposed to our sensitive personal information. Why? Because there is no digital process in place.
Many Nigerian institutions still use paper format and collect massive information for verification purposes or to meet contractual obligations. An institution like the one above should not only have digitised their process but also come up with the best data protection schemes when processing data. The said institution has been around for over a decade, and it still runs some of its core customer queries with paper documents which leave the company ripe for data breaches on a GRAND scale.
Running systems manually, or paper-based, exposes gaps in a company information management system.
The best form and easiest way to ensure that companies don’t expose themselves to excess information gathering is by the digitisation of their process and adding the data minimisation principle.
Digitisation of any process is perhaps one of the most complex projects any institution can go through and, as such requires experts in information security, network security, cybersecurity, project managers, business analysts, data protection experts and solutions architect. However, what transpires most of the time in Nigeria is a movement to digitisation processes without appropriate planning. Case in point is the National Identity Commission (NIMC) failed attempt to digitise their records (a topic for another discussion).
Many Nigerian institutions attempt their digitisation process but fail to put some aspects into perspective. To digitise is to create a road map and a period of transition.
Sometimes, from my experience, some digitisation process takes years and consistent iterating. It’s not a one-time project. It’s best done in stages.
What are the steps to consider? First, identity stakeholders with expertise within the organisation and get them involved in the digitisation process. There are certain basic elements that must be considered.
There must be an analysis of the entire business or institution. Second, after the analysis, the stakeholders will identify areas that need to be digitised while considering business continuity, cost implication and training.
In addition to the above, data protection must be embedded into the process. Any digitisation process that ignores data protection from the inception will fail.
Hospitals, schools and even banks in Nigeria till today still rely heavily on processing data manually, which is not a sustainable model.
As the world advances into a technologically complex world filled with features of big data, internet of things (IoT), artificial intelligence and machine learning, the need to create a robust digital presence becomes sacrosanct.
If that institution in my story digitised their process, I wouldn’t need to be at the physical building, and perhaps I wouldn’t have to submit so much information to make a claim.
The Nigerian business terrain is maturing globally and needs to be practical in its global approach. And what’s more, there is no excuse to remain obsolete. Digitisation will ease business processes and adding data protection to the machine will make the process safe and secure in the long run.