Get a grip on the GDPR with architecture

By now, the GDPR has been in effect for some time, and everyone has been busy with it over the past few months. The Dutch Personal Data Authority (AP) monitors compliance, is doing so more and more strictly, and occasionally makes an example of an organization. You yourself, of course, must also monitor your own compliance with the GDPR. But how do you do this? How do you get a grip on it? Perhaps you have followed the AP's 10-step plan. However, completing those steps does not yet mean that you comply with the GDPR. How do you know where you are at risk of non-compliance, damage claims, and image and reputation damage?


Stop all those fragmented registrations

The overviews and documents that organizations commonly use for GDPR compliance include the processing register, processor agreements and policies.

For example, you first look up in the register which processing operations may put you at risk. Then you look at which applications are used for them, what data you process in those applications and who has access to it, and then you check whether they are SaaS solutions, whether a processor is involved and whether you have a processor agreement in place. In short: a multitude of fragmented actions, measures and registrations.

We often see organizations trying to group all this information into one master Excel sheet or tool. Unfortunately, this is suboptimal. Such an overview cannot properly display and share the status or progress of measures with all stakeholders, nor can it produce all the cross-sections you need to manage (for example by processing operation, type of personal data, application, third party, department or process). As a result, organizations believe they are in control of their GDPR measures, yet are unable to define KPIs that enable real steering on those measures.

Use architecture as a one stop shop

Getting in control of the GDPR should be easy with all the technologies and knowledge available today, right? We think so: you can do this by housing all relevant GDPR information in your architecture.

Architecture is the connecting factor between people, processes, applications, data (including personal data) and infrastructure. By working with an architect, the privacy officer gets a very good picture of how these are connected and can zoom in specifically on personal data. By properly populating the architecture and unlocking it with standard BI and reporting tooling, powerful GDPR risk dashboards can be generated.

These GDPR risk dashboards enable privacy officers to prioritize risks easily and to monitor the progress of improvement measures in a structured way. Managers and directors also gain insight into the state of affairs and can start exercising control. In this way, privacy becomes a matter for the entire organization; after all, privacy is a joint responsibility. Such a GDPR risk dashboard can help organizations make the steering and control of GDPR measures much stronger, creating a clear win-win-win for the director, the architect in the CIO office and the privacy officer alike.

Would you like to know more about our GDPR risk dashboard and other practical solutions to get a grip on the GDPR using architecture? Then feel free to contact us.
