The advent of the General Data Protection Regulation (hereinafter GDPR) meant that EUR had to demonstrate that it complies with all privacy regulations in the context of accountability. An important step to accomplish this was to gain insight into the current situation. So, in other words:
- What personal data are being processed
– Who (inside and outside EUR) are processing personal data
– The legitimacy of these processing operations (purpose and basis)
– How do we process these personal data (what is the process and what applications are used in the process)
– How long do we keep personal data
Highberg supported the EUR in mapping the processing of personal data and unlocking this data in a BI / reporting tool. To map the current situation, the choice was made to do this under architecture. Architecture is usually a connecting factor between people, process, application, data (including personal data) and infrastructure. Architecture is therefore extremely suitable for getting in control of the GDPR.
The data in the BI/reporting tool is enriched with data from the service management software and privacy software. This provides information about the processing of personal data as well as privacy-related notifications and requests. A dashboard was then built into this tool. The dashboard gives the EUR the following results:
- Ability to monitor and manage privacy risks based on assessment framework derived from the GDPR obligations and requirements
– Insight into the status of the GDPR implementation
– Insight into which departments, processes and applications are processing personal data
– Insight into privacy-related notifications and requests, and what their status is
All in all, precisely the combination of expertise from the privacy domain, combined with architecture and BI was of great added value to the EUR in supporting its ambitions regarding the GDPR legislation.
Contact Laura Natrop for more information.
