Does GDPR spoil the blockchain party for everyone?

 

In a constantly and rapidly changing world, I wonder if a large part of the blockchain’s appeal isn’t its durability, its steadfastness, its immutability. And this characteristic – that it can’t be changed – is definitely one the very many advantages of the blockchain, and the future services running on it. Cut out the corruption, inefficiencies, fraud and plain old human error in transactions in one fell swoop.

But, what happens when the irresistible appeal of the blockchain, and we’ve hardly even begun to scratch the surface of what it will enable, comes up against the immovable object that is the General Data Protection Regulation (GDPR)? I’ve had a bone or two to pick with the GDPR before, both in terms of the likely burden it places on small and medium businesses , and also the impracticability of the right to request your personal identification be erased  and the knock on effects this can have of actually running a business.

Now, I’m wondering what impact this right to be forgotten will have on the potential of the blockchain, given that it seems to be entirely at odds with how the blockchain operates, and hence the value and disruption it, as a decentralised ledger, can deliver.

A quick recap. The, as yet mostly untested, GDPR gives individuals the right to request an organisation delete their personal identification information in certain circumstances. These include that the data is no longer needed for the reason it was originally collected; when the individual withdraws their consent that their data be stored or objects to its being processed; if the data is being stored in breach of the GDPR; to comply with a legal obligation; or if the personal data belongs to a child.

As yet, it’s unclear what erase means, especially within a digital context. Does it mean erase entirely or just make it inaccessible? In my previous article  I discussed some of the knock-on effects this can have in the pre-blockchain world, but now let’s consider what this means for a world built on the blockchain.

Unlike central registries controlled by a single authority, say a bank, public blockchain ledgers are spread out over a number of anonymous computers, connected on a peer-to-peer basis. The people involved don’t have to know, or even trust, each other. Transactions are announced to the group and recorded by everyone. At set intervals a section of the ledger, called a block, is locked irreversibly using cryptography and a piece of information from the previous block, and added to the chain. Working on the principle that the majority is honest, if any copy of the block on the network doesn’t match that of the others it is replaced with information the majority agree on. In other words, the longest chain is the true one.

Although best known for powering crypto-currencies, blockchain can also be used for many other things. For instance, Malta is looking at a blockchain-based land and health registry. And Estonians can log into their blockchain healthcare registry and see exactly who has accessed their details. The savings alone that blockchain offers are staggering. Goldman Sachs estimates that the securities industry could save $11 to $12 billion in fees by using blockchain to remove errors in the clearing and settlement of cash securities.

So, what happens then, in the case of Estonia say, when a citizen requests their personal identification information be erased in compliance with the GDPR. Leaving aside the havoc this will play with their ability to access healthcare, how does this play out? Do all the nodes on the blockchain have to agree to roll back their chain and amend the block? In principle this could happen, but it would be a lengthy process, and will put the chain out of action for the duration. And what about subsequent blocks that contain information based on the data in the amended block? Or a computer that was part of the original chain, but has since exited, for whatever reason. It would be impossible to track them down to see if the data is still lurking somewhere on their hard drive. And what happens if the network of blockchain nodes simply refuses? There is nothing really in it for them, after all, and it goes against the spirit of blockchain, which is a fiercely protected thing. Plus, who will the EU or national GDPR enforcers punish? Who are the data controllers and processors now?

Of course, private, permissioned, blockchains are a slightly different matter as it can be easier to gain consensus from the nodes for a deletion. But again, this starts impacting the value of blockchain and its immutability and decentralised nature, as well as raising issues around governance: as accountants, we know that you don’t correct an incorrect debit by deleting it, but rather with a credit.

Alternatively, and maintaining a level of governance, are solutions such as the one Accenture has prototyped that allows blocks to be edited, re-written or removed without breaking the chain. Plus, the edit leaves a “scar” so it is clear that the block has been changed. Accenture argues that the ability to modify the blockchain is required to make it commercially viable. Their prototype, they further argue, doesn’t downgrade blockchain to a regular database though, as organisation still get the benefits of data resiliency, integrity and security supplied by the built-in cryptography. Purists would definitely not agree, and I would have to say that they have a point.

Nevertheless, this is a stark illustration of how regulation and security very often lag innovation, and, if we are not careful, can bog it down or stop it in its tracks altogether. With GDPR still in its infancy, and the plan being to finetune the regulation during the first court cases, I wouldn’t want to be one of the vanguard guinea pig organisations that this gets tested on.

As published in Accountingweb - 28th November 2018

IDU's 10th Annual Conference - Futurescapes

On the 28^th February and 1^st March 2019 Financial Managers, Financial Accountants, IT Managers and Financial Administrators from a wide range of companies, industries and countries will again gather for two full days of conferencing at the 10^th Annual IDU User Conference 2019. The conference will be held at the Marriott Hotel, Crystal Towers, Century City, and we expect a record turn out to this event.

Attendees will be introduced to exciting new features and modules of idu-Concept; learn all the tricks and tips to maximise their use of the system and be able to attend in depth training sessions, where delegates can attain full IDU administrator accreditation certificates for topics such as Employee Remuneration Budgeting and Reporting and Analytics.

CEO Kevin Phillips will share the IDU Development Roadmap for 2019, and attendees will be able to provide input to influence the final result.

There will also be one on one access to IDU system experts and one on one meetings with IDU Consultants; exciting expert guest speakers and the chance to network and exchange ideas and best practice learnings with some of the best minds in the business.

The theme for the conference is Futurescapes. In today’s turbulent world, one of the few things you can count on is constant and rapid change. Responsive budgeting and real time access to the numbers ensures your business is able to adapt quickly when necessary.

IDU is constantly striving to innovate its cutting-edge software to provide financial management solutions that keep your business up to date – now and in the future. 

Each year we put together an impressive list of guest speakers. And this one will be no different. We are excited to welcome Sameer Rawjee as the first guest speaker appearing on day 1 of the conference. Sameer built his first Ed Tech company in university, which later became the core technology for a Mark Zuckerburg backed institution. He furthered his studies in Business and Design Thinking at University of Toronto and then went off to work for Google's Headquarters. Sameer founded the Life Design Lab at Google to study Human Purpose at Work, where there are more than 3000 Google employees from more than 50 countries enrolled. He is now the CEO of O School where he helps companies, like Soundcloud and Barclays, design their organizations for The Next Workforce - and where he helps High Schools adopt the Mars Curriculum to prepare their students for the Future of Work.
 

Registration is now open and there are limited spaces available, so go online to www.idusoft.com and click on the conference link to reserve your spot today. What’s more, delegates who register and pay before the end of November 2018 will receive a 10% early bird discount.

When economic times get tough, resist pulling up the drawbridge

This century has only just become an adult, but has managed to fit in an unprecedented amount of upheaval and disruption. From the September 11 attacks in 2001, through various wars, natural disasters, disease outbreaks and the global financial meltdown and subsequent debt crises. We’ve seen the launch of Facebook, YouTube and the iPhone – and that is just the tip of the technological iceberg that arrived on the scene. Then this year we’ve seen GDPR land, and the Brexit pendulum continues to swing causing the pound to see-saw. And all of that against the backdrop of a Trump presidency that continues to sow uncertainty on a global basis.

Is it any surprise that you might hear the sound of drawbridges being pulled up across the corporate world? Are you feeling the pinch as budgets are being tightened, again, as senior management doubles down on a strategy of retreat, keep your head down, and don’t do anything even vaguely out of the ordinary.

I’d say at this stage we should be used to managing our way and driving our business through this level of global and local disruption and change. We’ve been riding this wave for a while now, and it doesn’t seem like it’s dying out any time soon. We should accept that these crises are becoming the norm and that we need to find a way to navigate through them that positions us for growth and not decline once we emerge on the other side. 

But still, too often the tendency will be to batten down the hatches.

For financial managers this usually means, tightening up on expenses. Actually, that’s putting it mildly. Control gets ratcheted up to 11 and expenses get put under the microscope. Makes sense, right? Actually, not at all, so it’s worth revisiting why this is a very bad idea.

Don’t be tempted to micromanage your way through tough economic patches

One of the most fascinating effects of a recession, or other financial turmoil, is that fear and panic turns leaders, who previously saw their people as valuable team members, into autocrats who fixate on targets and are oblivious to everything else. As a result, spending becomes lean and managers turn into checkbox-ticking watchdogs.

It doesn’t take a HR guru to tell you that this is almost always counterproductive. This is the best way to demotivate a previously well-functioning team, and, demotivated employees are less efficient than their counterparts. I’m not suggesting adopting an indulgent approach when it comes to budgeting and expense management, but to rather take a smart approach.

Instead of tightly controlling your managers, give them control over their individual budgets. After all, only the manager really knows what costs can be effectively cut without having unfortunate consequences down the line. The way to do this successfully has two parts. First, ensure your vision and strategy is both inspiring and realistic, so that the people tasked with implementing it are convinced by it. Next, ensure there is a central, user-friendly space where information can be stored and easily accessed and shared. This probably does not look like an organisation-wide ERP system, which are often too complex for managers to understand. Inevitably misinterpretations arise, or the managers develop a parallel system of their own, somewhat flawed, and definitely out of date, spreadsheets.

Empower your managers with actual performance data that relates to their budget on a daily, not monthly basis. Information is transformative – it is persuasive, it inspires action and it clarifies goals and expectations for everyone. If you want your staff to pull together as a team, especially in tough times – equip with them with the right tools and information to do their jobs.

Now, your team will be empowered to make the decisions that only they are in a position to make, but you still have enough oversight to keep a close eye on the overall financial health and spending of the company. And then, despite any downturn, you’ll have happier, loyal employees; a clear picture of where you are in the world; and the confidence to lower the drawbridge and engage with the world, while your competitors are nailing the shutters into place and becoming a distant memory in the market’s mind.

As published in Accountingweb - September 2018

Don't forget about real life intelligence

The unintended consequence of forgetting people in the age of the machines

While there is a fair bit of moral panic over the idea that machines are going to take all our jobs -- some reports say that robots and artificial intelligence will replace almost a third of the workforce in the UK in the next 15 years – today it is more important than ever to keep your people front of mind. Especially when considering recruitment and succession planning.

Previously a wash, rinse and repeat approach was fine: make sure you have enough mini-me managers and leaders moving up through the ranks, and a good supply of top talent at entry level. This has all changed. Today you are recruiting for roles, like data scientists, that have no formal career path. You need to find people who are both comfortable working with machines, and flexible enough to change their roles as the machines get more capable. Despite the headlines, the sweet spot for the foreseeable future is going to be humans and machines working together. This last point became incredibly obvious during Facebook’s last earnings call, where it emerged that the company was hiring more people to filter inappropriate content, to make up for the limitations of artificial intelligence.

Finally, once you’ve hooked top talent with promises of barista coffee and a relaxed dress code in the job spec, you’ve got to keep them hooked. And you don’t do this by making them work in old-fashioned ways. In my world this looks like the way too many companies still do budgeting and forecasting. Usually this is done ineffectively using spreadsheets that get sent around the office like ticking time bombs. The process takes time and is open to errors, thanks to the limitations of spreadsheets compared to better, more up-to-date ways to do this task. This is also typically a top-down process, with finance dictating budget parameters to non-financial managers, so there is little chance for the budget to reflect the realities of the coalface of the business.

Working like this is not going to fly with the next generation. They digitalise and automate things in their day-to-day life, so why should they grapple with spreadsheets or any other out-dated systems, processes and hierarchies in the workplace? And worse, not having the freedom to innovate and fix these anachronisms and inefficiencies.

An example of this conundrum: There's a thread on the Workplace StackExchange site from 2017, where a developer asked for advice on the ethics of them having automated their job. They had been hired full-time to maintain a legacy database using SQL scripts.

The job was pretty boring, and after a year the person had written a program that completed a month's worth of work in 10 minutes. An added complexity is that the analyst who created the spreadsheet in the first place typically spent a fair bit of time verifying the completed work because the task was so mind-numbingly dull that it was easy to make mistakes. So ingeniously, the developer deliberately added a few bugs and errors every month, to make it look like a human did the work. In total, they spent one to two hours a week on what was supposedly a full-time job.

Interestingly, while the advice that followed was mixed, ranging from ‘fess up (and different ways to do this while still keeping their job), to keep doing what you're doing and don’t lose any sleep over it. But, the point most people had an ethical concern with, was the introduction of deliberate errors, which wasted other people's time and created the risk that the errors would not be picked up and so enter the live data.

In this case, the developer is a contractor working remotely, so the time they save is spent on things that are meaningful to them. But similarly, if full-time, on-site employees were empowered to innovate themselves out of their mundane jobs, they would free up their time to do more meaningful, creative, and strategic work in the business. Which is a win for the employee and a double win for the organisation – they keep their good people, and their operations are improved, dramatically.

The developer in the story above is an excellent example of someone who is quite happy working hand-in-hand with machines, plus is flexible enough to shift their role as the machines gain capabilities. Unfortunately, their current employment culture doesn't favour this, and in fact, works against it.

Which is a double whammy for organisations as they start to lose their best recruits, and also start falling behind the digital transformation curve. No number of C-suite appointments will transform your organisation without an influx of the new generation who understand your future market, because they are your future market. For real change, an organisation needs to drive this progress by hiring a lot of people at entry level who understand technology and its impact.

And then, this needs to be underpinned by a shift away from a top-down, command and control leadership culture and hierarchical org chart that is more suited to the industrial revolution and its assembly line. For companies to be nimble and responsive, they need to prioritise transparency, collaboration, trust and the free movement of the information people need to get their jobs done. This will enable better decision making and more ownership through the ranks.

So, it turns out, our machine-filled future is still all about the people.

As published on ITWeb - 14th August 2018

Legislating the digital goose

There’s always a fair bit of muddling through during times of massive change, as we see now at the dawn of the fourth industrial revolution. The trick is not to carry over old-school thinking into a new realm and limit your opportunities. I think we are facing a real risk of doing just this, looking at the impact data privacy legislation can have on a company’s ability to transform for a digital future.

A crucial part of digital transformation is doing business in an entirely new way. And the fallout from POPIA and GDPR could limit our ability to build nimble, flexible, digital organisations.

We’ve had to navigate the introduction of the Protection of Personal Information Act (POPIA) as well as the European Union’s General Data Protection Regulation (GDPR) in the last few months. I think that both these laws, which look at how personal identification data is collected, stored and handled, could have an impact on a company’s ability to succeed in the fourth industrial revolution. Partially because in many cases they are blunt instruments, and also because they don’t always seem to understand the digital landscape.

Of course, I agree that protection of personal data is essential: we’ve seen enough data breaches and unethical behaviour to know that they are a genuine threat. In addition, I, like most of us, am annoyed by constant unsolicited marketing calls and direct mail.

But a couple of things have caused me to raise a sceptical eyebrow and wonder how the outcome of compliance gels with running a future-fit company. For instance, some of the POPIA requirements that have been passed on to us from our clients, include locking down information to such an extent that the only way to do your job is sitting at a desk, in your office. This is completely opposite to a digitally-empowered, mobile, flexible, project-based workplace and the benefits of working in this way. We wouldn’t be able to pull together the best team for the project, or access real-time data via the cloud while on the go. Nor would we benefit from our team bringing their mobile devices into the workplace.

And GDPR has its own red flags, one of them being an individual’s ability to request, within a month, all the personal identification details a company holds on them, and also ask for amends or complete erasure. Think about the logistics of doing that. I’m not even sure it’s entirely possible given the knock-on impact this might have, in a set of reports, for instance. But also, it potentially heralds a return to big slam dunk ERP systems, whether or not they are best for the job, rather than best-of-breed services that do exactly what we need them to do.

While I agree with the need for data security, too many things about these corporate, “belt and braces”, approaches to data protection make me feel like this could be quite a big step back for our digital futures. Perhaps we need a bit more common sense and forward-looking thinking when tackling these challenges.

As published in Accounting SA Magazine – August 2018

Outsourcing: Time to get off the production line

Outsourcing is hardly a new concept. It allows us to effectively hive off non-core, yet still important, activities and outcomes to a specialist service provider, freeing up a company’s time, and ideally also budget, to focus on what we specialise in. We gain both time and money: basically oil and gold today.

But, like so many things, you can’t keep doing things the way they have always been done and expect to get better or different results. So, I wonder if it isn’t time to look at rethinking and transforming outsourcing to serve us more effectively, and to really buy us time.

In today’s “cult of busy”, we wear our busyness like a badge of honour. But perhaps we should start doing less and thinking more. Indeed, the “time is money” mantra so many people and businesses cling on to has its origin in the Industrial Revolution. The greater the number of hours the production line ran, the greater the output, the greater the profit.

And, like so many other things we still do today, such as working in a central location from 9 am to 5 pm, for instance, this constrained way of thinking and working is holding us back from evolving into future-ready organisations. It’s also not sustainable to work this way given the rate at which the world is changing. The Industrial Revolution production line is starting to wobble and increasingly needs to be patched and supported, using up even more of our time and resources.

We will never have enough time while we are focussing on old ways of doing things. Instead, we need to radically change the way things have always been done. Enter outsourcing. Back in the day, we started with outsourcing actual labour, such as cleaning services, logistics and delivery, data entry, etc.

Next, we happily outsourced technology and entire processes, such as payroll fulfilment. Individual companies don’t have to invest in the technology and expertise in-house to ensure that this important, yet non-core, activity is completed accurately and on-time every week or month. And cloud computing is essentially outsourced software. The programs are there when we need them, in the volumes we need at that moment, but we don’t have to worry about things like upgrades, or supporting the underlying systems.

Perhaps it’s time to push outsourcing itself to the next level. To date, we’ve typically outsourced processes lock, stock and barrel, without paying attention to the ongoing relevance of the underlying process itself. If we were spending too much time entering data into a system, we would outsource that function to someone who could do it faster and cheaper. We wouldn’t consider reviewing how we achieved the outcome, the important thing is that it was done. But as traditional ways of doing things date, and become less appropriate, returns start diminishing. In other words, you start gaining less time and saving less money.

This, I’d argue, is a legacy of a command-and-control management structure where the focus is on the oversight of getting the job done by following the approved steps, rather than disrupting the way things have been done. What if we were to outsource thinking about how a specific process could be done better, as well as the tools needed to do it. If you have read my column before, it will be no surprise when I use the example of basing budgeting around spreadsheets. Do we continue to do that because that is the way it has always been done, shipping spreadsheets from pillar to post at budget time, or do we stop to consider how this constrains our business from moving forward?

Instead of outsourcing an outdated process, lock, stock and barrel, we could, and perhaps should, outsource the process itself. For instance, in my data entry example above, we could outsource the task to an automation service provider that totally rethinks how our objective is achieved. Suddenly the economies and efficiencies that outsourcing promised us are a reality again. Now consider how you could apply this internally too. Instead of delegating a task to a subordinate, how about “outsourcing” it to them in the empowered fashion – allowing them to figure out how best to achieve the outcome.

So, consider, what other supposedly “core” competencies are you holding on to unnecessarily? How do we level up on getting rid of non-core responsibilities that are keeping us so busy? For instance, are we using the right tools and processes for the job at hand, or are we using tools and processes because that is the way things have always been done?

Question everything. Ask why things are done in a certain way and whether there is a better way to do them. A good place to start is with the processes and activities your people hate. There is no reason for the budgeting process to take months. It should take weeks. But if there is friction in the process it’s going to get bogged down and if your people hate doing something, there is usually a good reason for that.

And finally, default to transparency, the antithesis to command-and-control. Transparency encourages ownership, empowerment, collaboration and buy-in. And these are the things that drive businesses forward, ensuring the sum of the individual parts contributes to a greater whole than can be achieved by a dated, top-down, keep people in the dark, approach.

As published in Accountingweb - August 2018

IDU gets a big thumbs up from G2 Crowd

IDU are delighted to be voted as one of the best Corporate Performance Management (CPM) Solutions by G2 Crowd, one of the world’s leading business solution review platforms.

G2 Crowd leverages more than 381,000 user reviews to drive informed purchase decisions. Business professionals, buyers, investors, and analysts use the site to compare and select the best software and services based on peer reviews.

“At IDU we pride ourselves on our smooth rapid software implementation and on delivering exceptional customer service, as well as on how user friendly our software is. Of the top 10 rated applications IDU rated extremely highly in both user adoption and in quality of support, which speaks volumes on the achievement of both our strategic goals and for the product and quality of our staff and training.  This recognition from our customers and from G2 Crowd as well as the recent recognition by Gartner in their 2018 Market Guide for Corporate Financial Planning Applications shows us we are on the right track.” Says Kevin Phillips CEO of IDU Holdings.

IDU has over 300 clients and 35 000 users in an ever-increasing global footprint with users spread across 33 different countries, we are constantly innovating and are rapidly becoming a globally recognised brand. 

Our customers are the corner stone of our business and we listen to their feedback very carefully. Their satisfaction is the best measure of our success.

About G2 Crowd

G2 Crowd, the world’s leading business solution review platform, leverages more than 381,000 user reviews to drive better purchasing decisions. Business professionals, buyers, investors, and analysts use the site to compare and select the best software and services based on peer reviews and synthesized social data. Every month, more than one million people visit G2 Crowd’s site to gain unique insights. www.g2crowd.com

IDU features again in the 2018 Gartner Market Guide

IDU is recognised by top industry experts for its award-winning Budgeting and Reporting Solution for the second year in a row. “Gartner, the world's leading research and advisory company have published their 2018 Market Guide for Corporate Financial Planning Applications, and we are proud to be included”, says Kevin Phillips, CEO of IDU Holdings.

The Gartner Market Guide is independent and insightful, it highlights the rapid development of financial analytics technology, and the considerable opportunities that exists for finance professionals to take advantage of these developments.

The best Corporate Financial Planning Applications are determined by customer satisfaction (based on user reviews) and market presence (based on products’ scale, focus, and influence.)

Gartner’s confirms that finance leaders have only just begun to exploit the planning technology available to them. IDU streamlines the budgeting, forecasting and reporting process, saving a considerable amount of time and freeing up financial managers to be more strategic. This in turn allows business to be more agile and responsive, which is essential in a disrupting market.

IDU has over 300 clients and 35 000 users in an ever-increasing global footprint with users spread across 33 different countries, we are constantly innovating and are rapidly becoming a globally recognised brand. 

“According to the report, the cloud, and more-powerful embedded analytics are providing new opportunities to significantly improve the corporate planning process and to more effectively optimise organisational performance and guide strategic direction”.

IDU are at the forefront of these trends and our software is available via the cloud using Microsoft Azure as well as Amazon Web Services, the latter has opened the door for smaller and medium sized organisations across the world to access our cutting edge financial management solutions quickly and cost effectively.

We also offer Bring Your Own Licence (BYOL) model via our partners CipherWave, using cloud hosting and hardware and reducing capital expenditure in on site IT infrastructure. The BYOL offering allows the client access to the full Enterprise edition of idu-Concept, and all the additional modules available within the software, yet with the benefit of no capital expenditure in on site hardware

About IDU

IDU makes budgeting, forecasting, performance management and reporting tools to simplify financial management. Our flagship product, idu-Concept, provides easy, effective budgeting and financial reporting for medium-sized to large businesses. It is the most widely deployed dedicated budgeting system in South Africa. idu-Concept integrates easily with ERP software, but unlike more cumbersome offerings, idu-Concept can be implemented quickly, requires little or no ongoing consulting fees and reduces budgeting cycles from months to weeks. idu-Concept addresses this establishing a platform of ownership and empowerment that inevitably leads to radical improvement in the effective management control of every business. 

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner “Market Guide for Corporate Financial Planning Applications” by Christopher Iervolino and John E. Van Decker and Ranadip Chandra.  Published 9 August 2018. 

Don’t put new, square pegs into out-of-date, round holes

I’ve previously written about how succession planning is going to change in the Information Age. That, instead of grooming mini-me managers and leaders, we’re going to have to focus on reskilling people as their roles get encroached on by artificial intelligence. Plus, we’re going to have to start hiring people who, firstly, can work with machines, and, secondly, are flexible enough to adjust their roles and careers as the machines get more proficient – in the near future, in any case, it seems that humans working side-by-side with robots, both physical and software, is going to be the productivity sweet spot.

But there is a more significant role that these adaptable, machine-friendly recruits are going to have to play. For many companies, they are also expected to drive the digital transformation that is going to help the company ride out the fourth industrial revolution. Companies, it seems, are hoping to growth hack their digitalisation from the bottom up.

And this approach has a lot of merit. For instance, a 2018 PwC report on emerging trends points out that, it’s one thing to appoint a chief technology or chief digital officer and to hire more people with science and engineering backgrounds. But, for real change, the report says, an organisation needs to make a generational shift. And that this means driving change by hiring a lot of people at entry level who understand technology and its impact.

Put simply, hire the people who understand your future market because they are your future market now. That makes total sense. These are people who are extremely comfortable with technology because, for them, it’s always been around. This means they are not constrained by the way things have always been done, and they can see new and innovative ways to apply digital technology in your company. This ranges from new products and services to extend your market share, to better ways to get things done on a day-to-day basis.

But this creates something of a catch-22. Just as twenty years ago you wouldn’t have been able to recruit the top entry-level accountants if you insisted they worked with comptometers, today you won’t attract and keep top talent if you insist they work in old-fashioned ways. No matter how many trendy perks you whitewash your job ad with, all the foosball tables, popcorn machines and barista coffees won’t retain a new hire who is being forced to work in an antiquated way and made to do boring, repetitive work that could be done in a better way. Not if they are good, in any case.

And the thing that businesses need to realise is that the adoption of technology should be a manifestation of a deeper and more existential shift companies need to make to ensure their success in the future. Take, for instance, a subject close to my heart, the budgeting and forecasting process. Traditionally this is done ineffectively and inefficiently using spreadsheets. This takes time and is open to errors as spreadsheets get emailed from pillar to post. It is also typically a top-down process, with the finance function dictating budget parameters to non-financial managers.

Inappropriate software is used because “that’s the way it’s always been done”, and “it’s worked fine up until now”. Spreadsheet errors, lack of tracking and version control, the time taken, and the sheer, mind-numbing tedium of it all is assumed to be unavoidable. Strike #1 for that millennial new hire who can see from a mile off that there is a better way to do things. They digitalise and automate things in their day-to-day life, so why should they grapple with spreadsheets or any other out-dated systems and processes in the workplace?

But more alarming is the top-down, hierarchical, command-and-control culture that goes hand-in-hand with this old way of working. This style of leadership might have suited the industrial revolution and its assembly line culture, but it is no longer relevant, or helpful today. Strike #2 for the millennial, who by default assumes responsibility.

For companies to be nimble and responsive, they need to prioritise transparency, collaboration, trust and the free movement of the information people need to get their jobs done. They need to enable better decision making and more ownership through the ranks.

You are not going to be able to hire the top candidates to take you into the future if you don’t make some profound shifts now. Start questioning those “this is the way we’ve always done it” processes and pave the way to attract and keep the top talent that will assist you as you navigate your path to the future.

The alternative - strike #3 and you’re out, and your top talent is very quickly going to move on, perhaps to a competitor, leaving you a treacherous path to navigate without a seasoned guide.

As published in Accountingweb - 19th July 2018

The unintended consequences of POPI and GDPR

It feels like it is one step forward and two steps back at the moment. Yes, we’ve beefed up the protection of personal identification data with the Protection of Personal Information Act (POPIA) in South Africa, as well as its big brother, the European Union’s General Data Protection Regulation (GDPR).

But I’m wondering what that means for ongoing digitalisation and innovation, as we disrupt our businesses and markets to ensure we survive in the fourth industrial age. At the heart of much of this innovation lies data, and I’m wondering if POPIA and GDPR might be cutting off, or at least severely curtailing, this lifeblood.

A crucial part of business transformation is tapping into the massive amount of data we have from customers, our internal business operations, and the multitude of devices that connect on our behalf without us even thinking about it. Look at Uber, the poster child for disruption of an established business model. It uses location data to link drivers with fares, and pricing and traffic algorithms to set the price for the trip. And many (most?) of us, especially millennials, are more than happy to share our personal identification data – in this case, location and credit card details, with services that give us value in return.

These laws appear to be taking a sledgehammer to the fact that we “pay” for services such as Facebook with our data, and that many of these digital services rely on our, and others’, data to work their magic. Organisations absolutely should be transparent and ethical with how our data is stored and used, and which third parties have access to it. But I am worried we have gone too far in the other direction.

Certainly, if you do not like Facebook’s use of your data, you can delete your Facebook profile and not use the social media platform. (The company is researching the option for a subscription-based, ads-free option, but I have my doubts over what the uptake would be.) But, take for instance my car insurance, which includes vehicle tracking to monitor my driving, reward me for good, safe driving habits, and also sending out emergency services to me and my car in case of an accident or breakdown. If I were to withhold my geolocation data, as I could do under the GDPR, it would be impossible to offer me this service, which is unquestionably of benefit to me.

Another example. There is no doubt that smartphone-based traffic information services such as Google Maps and Waze have made navigating cities at rush hour less of a chore. Yet services like these rely on a community willing to share their location data. The more data, the better the service, and conversely, the sparser the data, the less helpful the service, until, if everyone opts out, the service fails.

Although the GDPR is an EU legislation, you’ll have noticed the flurry of updated terms and conditions when it launched in May this year. It goes to show how borderless the digital world is, as it affects South African companies who have European customers, newsletter subscribers, or shareholders, as Liberty Holdings may find out after its June hack. And with the US, Australia and India already indicating they will follow the European Union’s lead, there is no doubt this will soon be the global standard.

There are a couple of rights that the GDPR grants individuals that I am specifically concerned about in terms of our data-driven future. Notably the right to have all or some of your personal identification data erased; the right to request a company stop processing your data; and finally, the right to ask for manual, not automatic processing.

How does this synch with a data-driven world where insights about our individual and collective data drive progress and a better life? With quantum leaps forward in computer processing power just around the corner, I wonder what life-improving discoveries are going to be made by data crunching algorithms that we can’t even dream about today. Yes, some of these are likely to be better ways to sell us stuff, but others could be breakthroughs in medicine, or climate change, or smarter cities or smarter apps making our lives easier. We need to be careful about hamstringing our digital future, before we’ve even got there, and unfortunately current legislation, if applied to the letter of the law, may well be doing just that!

As published on ITWeb - 10th July 2018 

Re-writing history with the GDPR time machine

I recently had a conversation with someone where they told me that they had to politely explain to an employee that yes, they could delete their banking details from their HR system. This would be in line with the new General Data Protection Regulation (GDPR) requirements that say that people can check all the personal identification details a company holds on them, and then request that all, or some, are deleted within 30 days. The person then went on to explain to the employee that if they were to delete the banking details, the company would have no way of paying them their salary at the end of the month.

Similarly, on leaving a role an employee can ask their previous employer to erase all of their personal information. However, this obviously prevents the ex-employer from providing them with a reference in future.

Without taking away from the importance of having control over how our personal information is collected, stored and processed, I wonder if we haven’t gone too far with the GDPR. How would an ex-employee’s right to erasure work in practice? Personnel files would be reasonably easy to find and delete, especially if they were digital. The company would need to figure out if any hard copies had been made, and where they were. Formal archives are one thing, but random copies in the back of the finance director’s filing cabinet or on USB sticks are another.

Now consider last year’s budget, or the year before, where Pete was included and identified in the detailed salary budget. Erasure would mean that the budget does not balance, so instead we would “anonymise” Pete, retaining his values, but masking his name. Think that one through for a minute in the context of staff churn ratios… Looking back a year or two to understand how the budget was made up could result in a list of “AN Others”, depriving the reviewer of the ability to analyse or understand the context and build-up of the budget.

Another thought, what happens in an audit, external or tax (potentially going back seven years), when you cannot provide details to support entries in the accounts because the person’s personal details have been deleted as sanctioned by GDPR. Will the taxman accept this as satisfaction of an audit query? I suspect not.

Furthermore, in a digital world, our personal data footprint spreads far and fast. Sure, on the one hand it’s probably easier to search than paper information, but on the other: what a tangled web our digital lives are. That former employee’s email address in a chain of emails involving other people? A company newsletter with a captioned photograph of a team-building event, including the employee? A LinkedIn post written by that employee on behalf of the company, with a lively debate in the comments? Does other data, communication and content simply get razed to comply with the GDPR? “Sorry John, I know this was a valuable conversation with a customer and it would be good to keep a record of it, but it’s got to go because it mentions Pete. And, by the way, please delete all the copies you might still have of the newsletter from four years ago and replace it with this redacted one. Yes, I know we’ve ruined the picture by blanking out Pete’s face, but it is what it is…”

How is this workable? And is this even necessary: unless you are Jason Bourne, does it matter that you appear photographed with the winning company quiz team of 2014? Yet companies of all sizes could potentially get bogged down in administration, hunting down the most ephemeral of mentions within the 30-day compliance period. In the long-term, companies may reassess their corporate communications, or the systems they use – favouring one-system-to-rule them all to make searching for data easier, rather than best-of-breed systems that allow their people to do their best work. Or do companies start asking employees to opt out of their right to erasure to cover themselves for that one-time Pete is mentioned in the company newsletter? And would that even be legal?

One needs to ask when does personal data become company data? History can’t be changed, Pete was a part of the company, Pete’s salary was a part of the budget last year. The blog and the company newsletter represent the history of the company. Both the budget, the blog and newsletter are company property and reflect, in different ways, the company’s history. Does GDPR extend to changing or re-writing that history?

Some of the examples may seem a bit tongue in cheek but if one applies the letter of the law in it’s most draconian interpretation…. It is early days yet: the GDPR has only been in place for a month and no doubt some of these details will get ironed out as we go. But with the US, Australia and India already indicating they will follow the European Union’s lead, there is no doubt this may rapidly become the global standard. And the number of GDPR notifications I am seeing from South African companies today is an indication of how borderless the digital world is. I hope we haven’t just hamstrung our ability to operate in an increasingly digital, data-driven world, by bogging it down in bureaucracy.

 As published in AccountingWeb 26th June 2018

https://www.accountingweb.co.uk/community/blogs/kevin-philips/re-writing-history-with-the-gdpr-time-machine 

Sailing the digital sea

That the world is a much smaller place thanks to the internet and digital communication technology has probably not escaped anyone’s notice. But are you truly harnessing this to do your business better, and to grow beyond South Africa’s borders?

Gone are the merchant vessels of yesteryear circumnavigating the globe by sea to sell your products. Today the internet creates an even more extensive marketplace at the click of a button. To me, this presents three clear benefits for South African companies. Accessing best-of-breed, up-to-date and fit-for-purpose technology for your organisation is one of them; working more closely with your team, wherever they are, is another; and finally, growing your business beyond South Africa’s borders in a low risk, low cost, incremental way.

Thanks to advances in cloud computing, and the Software-as-a-Service (SaaS) model, you can pick and choose from a myriad of vendors offering a range of services, not only the ones who have (quite expensively) set up shop locally who may or may not have the exact solution you require. The difference is a bit like that between going down to your local mall, or shopping via Alibaba – except with instant delivery via the cloud.

Indeed, some of the services you access online may be the collaboration, video conferencing and chat tools that enable your team to work better together, wherever they are. Think of these tools as FaceTime for business! You’ll know I am a big fan of involving those at the coalface of your organisation in the budgeting process, and cloud-based collaboration is a great way to get this right.

But what about support for these web products? Interestingly enough, this can also improve, thanks to the providers’ use of many of the same online chat and collaboration tools, giving you instant and secure access to the exact experts who can solve your problem. And in here lies possibly the area of greatest interest for the SME to mid-market company in South Africa looking to expand.

Today globalising your business does not mean that you have to open an office on the other side of the world, employ a range of staff and train them to do what you and your team can do here. This is costly and has been the root cause of many great plans coming to nought as the start-up and initial day-to-day operational costs overseas sink the dreams before they have a chance to flourish.

The cloud-based communication and collaboration services that are now available are the key to you expanding your business outside South Africa. Online video conferencing tools have replaced many face-to-face meetings, and collaboration software is keeping everyone on the same page. This reduces travel costs and all but eliminates otherwise dead travel time, is less invasive for clients, and means you can keep face-to-face meetings for when they really matter.

I can’t promise it will be plain sailing at the outset, as there is always a degree of resistance to the digital world and the lack of a physical presence of a company from the organisations still invested in the 20^th century, but the tide is turning. So weather the choppy water as you leave the harbour, look out to the widened horizon, and ride the globalisation wave.

As published in ASA Online Magazine - 1 June 2018

https://www.accountancysa.org.za/advice-sailing-the-digital-sea/ 

GDPR is coming: lessons from the South

On 25 May 2018, the General Data Protection Regulation (GDPR) comes into force. Thereafter it will apply to those of us around the world doing business with customers in the European Union. As a region, the EU is the third largest global trading partner of South Africa’s, so we’re certainly paying attention. 

It is worth saying that in principle it is essential that data protection laws move with the times, especially in a digital, cross-border world where your personal data is stored in the cloud, potentially anywhere around the globe, even though you might be dealing with a local company. I, as much as anyone, am annoyed by relentless unsolicited marketing calls and direct mail. And we’ve seen enough data breaches recently to know that they are a very real threat, and that companies should be obliged to report them speedily to minimise their impact. 

The devil is in the detail, however, and the burden on small and medium-sized businesses – ostensibly the lifeblood of economies that want to grow – is potentially crippling. According to the World Bank, formal SMEs contribute up to 60% of total employment and up to 40% of national income (GDP) in emerging countries. In South Africa, SMEs added 36% of the GDP in 2017, and the government has pegged its hopes on this sector contributing 9 out of 10 new jobs by 2030.

So, what’s the problem?

Well, in South Africa we are also planning for the enforcement of our own local data protection law, the Protection of Personal Information Act, affectionately known as POPI. And to ensure compliance, corporate South Africa is starting to get its ducks in order. However, it seems what this roughly translates into is the large corporates (with seemingly endless manpower and budgets) pushing their compliance protocols onto their supply chain with an instruction that they must implement the same or be registered as non-compliant. One has to ask whether the, typically SME, supplier can realistically and financially replicate the security protocols of their larger clients?  

And then along comes the double whammy. Enter large customer number two, with a similar volume of compliance protocols, except they are only similar, not identical to the first customer’s protocols. To illustrate, let’s assume large customer number one insists on security IDs for your staff to provide access control to your building, but large customer two insists on biometric security. Are you really expected to put both in place to be compliant with each customer? And then expect your staff to actually jump through these hoops just to enter the building? 

I am currently reviewing a number of 40-pages-plus contracts to ensure POPI compliance from various of our blue-chip customers and can confirm that, to ensure compliance across the board, it’s not entirely implausible that, for instance, we may indeed need fingerprint and retinal scanners to be installed at our offices to meet specific prescribed access control requirements. Or for our employees and consultants to never be able to take their laptops home with them – and if they were to, they would have to be transported by a security company. I’m not sure what these requirements would mean for access control and other compliance in employee homes, nor for smartphones, which are typically owned by employees and have full access, thanks to the cloud, to most information available via a laptop.  

This sounds ridiculous, but it is not impossible based on how POPI is being implemented on the ground, and the fact that as a business, we simply can’t walk away from our largest clients. Nor can we risk non-compliance, where the penalties would be a breaking point for SMEs. The fine for contravening POPI is R10 million (around GBP600,000), and maybe we have it light when you consider the fines for GDPR contravention is EUR20 million (around GBP18 million) or 4% of global turnover. Ouch! I don’t know that many SMEs that could handle that!  

Expense and practicality aside, these requirements also fly in the face of modern working practices, which enable collaboration, reduce distance and the need for traveling time and costs. I am of course referring to new technologies coming into and changing our daily work environment such as video conferencing, screen and machine sharing across the web, and being able to pull the best team together, from anywhere in the world, to work on specific projects. These are all exactly the sort of benefits nimble SMEs and independent contractors offer to big corporates and yet they will be effectively outlawed by the corporate, “belt and braces”, approach to implementation of this legislation.  

So, while I agree with the need for data security, I feel like the legislative approach is one step forward and two steps back, and that we have erred too far on the side of protecting individual data, over enabling the building of our digital futures. Perhaps we need a bit more common sense and forward-looking thinking when tackling these challenges. GDPR is coming, be prepared for the unintended consequences of compliance!

As published in AccountinWeb - 8th May 2018

https://www.accountingweb.co.uk/community/blogs/kevin-philips/gdpr-is-coming-lessons-from-the-south