This content was created by the Data Sharing Coalition, one of the founding partners of the CoE-DSC.
As the market leader in financial and business software, our participant Exact has been offering financial insights for many internationally operating organisations for many years. One of Exact’s major ambitions is to have financial processes run fully automated by smart technology, among others by integrating its software with many other applications. Always with the important principle that Exact customers not only remain in control of what happens with their data, but can be ensured exchange of their data happens in a secure way. A principle that is shared with the Data Sharing Coalition and a reason for Exact to become one of our participants. We spoke with Dimitri Braakman, Commercial Product Manager Connectivity & Mobile at Exact about why Exact believes standards are key to foster secure and controlled data sharing.
The customer in control of whether or not to share data
“Of course, it is important that the processing and sharing of data is done in a secure way. However, it is even more important that our customers remain in control of what happens with their data”, Dimitri emphasises. “Data that is managed by Exact is never shared without the consent of a customer: without organisations’ explicit permission, we’ll never share any of their data with any other parties. The software always clearly indicates which data is involved, ensuring the customer is well-informed before granting permission. It also helps to avoid that, for example, an organisation that deals with credit management also gets access to data they do not really need to have access to, such as salary data.”
It is not a given that any organisation gets access to data that is managed in Exact. Before data sharing takes place, every party that wants to integrate their application with Exact must go through a thorough technical review process. Dimitri: “A party must be able to make very clear what is the purpose of its application and explicitly indicate which data of our customers it desires to get access to or which data it even desires to manage itself. Besides, when an application wants access to more data over time, customers will always be asked for consent, so they can determine for themselves whether or not this is desirable.” During the online review process, Exact also sets strict requirements for the security of an application, says Dimitri. By letting parties answer questions such as “Is the API key encrypted on their own database?”, “Is there a good privacy policy?” and “Under what conditions is data stored?”, we can ensure ourselves that an organisation that wants to integrate their application meets our conditions.”
Ideally, all parties in a chain handle their data in the same way, while putting the customer (back) in control.
Safe and controlled data sharing thanks to widely supported standards
Integrating applications through an API is a good way to share data, but not the most ideal way, Dimitri explains. “Integrating applications by means of an API is a time-consuming and expensive exercise. And no matter how extensive our review process is, 100% control and security of data can never be guaranteed. When an organisation decides to ignore the conditions we set beforehand, data will still be at risk. For example, by sharing data with parties for which the data was not intended or by insufficiently protecting its own software. Of course we can always disconnect an application and start legal proceedings. However, when an application that is integrated with Exact failed on security, in the event of a data breach, the damage has already been done.”
Widely supported standards for data sharing offer a solution, Dimitri explains. “Ideally all parties in a chain handle their data in the same way, while putting the customer (back) in control. The more organisations use the same standards, such as iSHARE, the more certainty one can offer in the field of data control and security.” Recently, Exact also joined the Smart Connected Supplier Network (SCSN), which enables an easy exchange of data related to orders, invoices or technical product data with other organisations that are connected to this network. Dimitri: “By joining this network, organisations that want to exchange data no longer have to integrate each other’s software by means of APIs. SCSN consists of both a message standard and a technical infrastructure based on the International Data Spaces Association (IDSA). Since all participants have committed to the same agreements for data sharing by joining this network, they can be sure that it is done in a safe and controlled manner, without the need for making new agreements each single time.”
Working towards cross-sectoral agreements for data sharing
It was a logical choice for Exact to become a participant in the Data Sharing Coalition, Dimitri explains. “With data sovereignty, The Data Sharing Coalition and Exact share a key principle for data sharing. We also find it very important that data is managed and exchanged securely. The more organisations comply with the same standards for data sharing, the better. And the broader data sharing standards can be applied, the greater the chance that this will happen. Since the agreements that the Data Sharing Coalition is working on are cross-sectoral, these can certainly lead to broad adoption of the market, fostering secure and controlled data sharing.”
Are you interested to contribute to defining and realising new cross-sectoral use cases of data sharing? Please send us an email: info@coe-dsc.nl
