In April 2016, the European Parliament adopted the European Union General Data Protection Regulation (GDPR) – officially EU 2016/679 – which came into effect May 25, 2018. GDPR replaces the existing data privacy regulation, the 1995 EU Data Protection Directive (DPD), and introduces new, stricter provisions, particularly around personal data. The legislation directly impacts all companies based in, or doing business with, companies/individuals based in the European Economic Area (EEA), which comprises the European Union, Norway, Iceland, and Liechtenstein. Many organizations are grappling with the massive changes that the regulation mandates. Robotic Process Automation (RPA) has a significant role to play in alleviating some of this pain. This view point looks at: GDPR and its implications for organizations, particularly in terms of administrative overheads The role that RPA can play in helping automate GDPR-related administrative tasks and functions The implications of GDPR on sourcing / service delivery models and the RPA angle in such decisions The case for digital transformation and superior analytics driven by GDPR compliance, and a framework to work through the automation play Membership(s) Service Optimization Technologies (SOT)

In April 2016, the European Parliament adopted the European Union General Data Protection Regulation (GDPR, officially EU 2016/679) that came into effect in May 2018. The regulation replaces the 1995 EU Data Protection Directive (DPD) and introduces new, stricter provisions. The legislation directly impacts all companies based in, or doing business with companies/individuals based in the European Economic Area (EEA), which comprises the EU, Norway, Iceland, and Liechtenstein. With GDPR, one of the biggest disruptions in data privacy space, already in effect, organizations should be off the mark from the data protection enablement standpoint. As organizations embark on their transformation journeys, taking not only a legal but a comprehensive view of data privacy is imperative. This includes understanding the implications of the law from the industry, technology, locations, and vendors’ standpoint. In the first part of our series of whitepapers on GDPR, we looked at key changes proposed by GDPR and their impact on global service delivery through the lens of increased overheads, opportunity for transformation, and push towards consolidation. In this whitepaper, we highlight second-level insights into the business implications of GDPR across multiple industry verticals. This includes perspectives on susceptibility to data breach, typical data flow structure, and related data privacy considerations across different industries. In the next edition of our series of whitepapers on GDPR, we will focus on business implications of GDPR from the standpoint of technologies, locations and service providers. Keep watching this space for more! Membership(s) Banking and Financial Services (BFS) - Business Process Outsourcing (BPO) Banking & Financial Services (BFS) - IT Services (ITS) Catalyst™ Cloud & Infrastructure Services Customer Experience Management (CXM) Locations Insider™ Market Vista

The European Union’s adoption of General Data Protection Regulation (GDPR), that has come into effect from May 2018, directly impacts all companies based in, or doing business with companies/individuals based in the European Economic Area (EEA). This has put pressure on organizations to comply with its stipulated requirements for data (both steady state and in-transit). As enterprises invest in their compliance, security, and risk initiatives, they are relying on the support of service providers to not only discover sensitive and personal data, but also enable their GDPR compliance. Service providers, as a result, are investing in developing capabilities to enable this GDPR journey for their clients. These investments include development of proprietary solutions to discover data, expansion of their partner ecosystems, and nurturing of their workforce to be GDPR-ready. In this research, we present the assessment and detailed profiles of eight IT service providers featured on the GDPR services PEAK Matrix™. Each service provider profile presents a comprehensive picture of its service suite, scale of operations, and domain investments. The assessment is based on Everest Group’s annual RFI process for the calendar year 2017, interactions with leading GDPR service providers, client reference checks, and an analysis of the GDPR services market. The report covers the following: Market trends in the GDPR services space Imperatives for enterprises and service providers PEAK Matrix assessment of GDPR service providers Profiles of eight GDPR service providers Membership(s) Application Services

The European Union General Data Protection Regulation (GDPR) will come into effect on May 25, 2018, superseding the existing 1995 EU Data Protection Directive (DPD). The new law, which will be passed into regulation in all the EU member states by the deadline, expands the rights of individuals to control how their personal information is collected and processed. The GDPR regulations are expected to affect all industries but the impact on the life sciences vertical is likely to be relatively greater, owing to the large volume of complex sensitive data that is currently processed by relatively less mature IT systems. Each stakeholder in the life sciences ecosystem, comprising pharmaceutical firms, medical device manufacturers, CROs, and their complementary technology partners, faces its own set of impediments in complying with GDPR, and hence, can be expected to focus on its own unique and distinctive priorities in the run up to the GDPR deadline. To understand the impact GDPR will have on the life sciences ecosystem, Everest Group looked at some basic questions such as: Why GDPR is extremely relevant to the life sciences industry? What impact will GDPR have on the life sciences ecosystem as a whole? How each stakeholder in the ecosystem is likely to react to these new guidelines? What are some of the steps already taken by organizations in a bid to become GDPR compliant? Membership(s) Healthcare & Life Sciences IT Services (ITS)

Offshore, nearshore, and onshore locations play a critical role in delivery to the UK and Ireland. Over the last few years, demand from UK- and Ireland-based enterprises has increased significantly across IT, voice BPS, non-voice BPS, and digital services. This report provides a detailed assessment of locations (globally) supporting demand from the UK and Ireland region. This report takes a close look at the current landscape of key offshore, nearshore, and onshore locations being leveraged by UK- and Ireland-based enterprises to support service delivery. The report provides a detailed assessment of these delivery locations in terms of their value proposition from a cost-talent-risk perspective. The report also aims to assist enterprises in shortlisting delivery locations by evaluating factors such as maturity (by function/process), regulatory changes, technology trends, and impact of Brexit on sourcing strategy of companies. Scope Information Technology, non-voice BPS, and voice BPS (contact center) services (including digital services) delivery from global in-house centers as well as third-party service providers to UK and Ireland-based enterprises Global locations in the study include London, Manchester, Dublin, Glasgow, Belfast, Cape Town, Bucharest, Krakow, Warsaw, Prague, Budapest, Delhi/NCR, Bangalore, and Metro Manila. London is used as a baseline location for comparison of operating cost Assessment of the above-mentioned cities for delivery to the UK and Ireland across the following dimensions – operating cost, entry-level talent availability, experienced resources, skills, risks, and maturity Contents This report shares Everest Group’s perspective on global locations as a source/delivery geography for the UK- and Ireland-based enterprises. Key topics covered are: Market overview of global services demand from UK and Ireland – size and segmentation Major locations delivering global services to UK and Ireland Detailed assessment of value proposition (including cost, talent, market activity, risk, and maturity) of leading locations delivering to the UK and Ireland MAP Matrix™ of leading locations delivering services to the UK and Ireland Key trends likely to impact demand from the UK and Ireland Membership(s) Locations Insider™

In April 2016, the European Parliament adopted the European Union General Data Protection Regulation (GDPR, officially EU 2016/679), which will come into effect in May 2018. The regulation replaces the 1995 EU Data Protection Directive (DPD) and introduces new, stricter provisions. The legislation directly impacts all companies based in, or doing business with companies/individuals based in the European Economic Area (EEA), which comprises the European Union, Norway, Iceland, and Liechtenstein. Owing to the stringent and punitive provisions of GDPR (especially the possibility of multi-million euro fines for non-compliance), we believe that all organizations that hold or process personal data will experience some disruption in service delivery. This will span not just delivery portfolios based in the European Economic Area, but global delivery portfolios across functions (IT, business process, contact center, and digital services). This viewpoint aims to look beyond the short-term impact (tactical changes to achieve compliance) at the long-term and far-reaching strategic impact on the key components of global services delivery strategies: Process, Sourcing models, Service providers, Locations, Governance, and Contracting; and try to assess whether the disruption caused by the regulation has a silver lining (e.g., opportunities for transformation and push towards consolidation). In a second edition of this viewpoint, we will evaluate some of the above implications on global services delivery in more detail, e.g., transformation of offerings of service providers and impact of GDPR on service delivery across various industries. Keep watching this space for more! Membership (s) Market Vista Locations Insider Banking and Financial Services (BFS) - Business Process Outsourcing (BPO) Banking, Financial Services & Insurance (BFSI) - Information Technology Outsourcing (ITO) Catalyst Cloud & Infrastructure Services Contact Center Outsourcing