Article

Get a grip on the GDPR with architecture

3 min read
December 21, 2023
Stop all those fragmented registrations

Some overviews and documents that organizations commonly use for GDPR compliance include: the registry, processor agreements and policies.

For example, you first look up in the registry which processing operations may put you at risk. Then you look at which applications are used for them, what data you process in those applications and who has access to it, and then check whether they are SaaS solutions, whether a processor is involved and whether you have a processing agreement with that processor. In short: a multitude of fragmented actions, measures and registrations.

We often see organizations trying to group all this information into one master Excel sheet or tool. Unfortunately, this is suboptimal. You cannot properly display and share the status or progress of measures with all stakeholders in one such overview. Nor can you create all the cross-sections you need to manage (on, for example, processing operations, type of personal data, applications, third parties, departments, processes). As a result, organizations think they are in control of GDPR measures, but at the same time they are poor at defining KPIs that enable real steering on those measures.

Use architecture as a one stop shop

Getting in control of the GDPR should be easy with all the technologies and knowledge available today, right? We think so: you can do this by housing all relevant GDPR information in your architecture.

Architecture is the connecting factor between people, processes, applications, data (including personal data) and infrastructure. By working with an architect, the privacy officer gets a very good idea of how these are connected and can zoom in specifically on personal data. By properly populating the architecture model and exposing it through standard BI / reporting tooling, powerful GDPR risk dashboards can be generated.

These GDPR risk dashboards enable privacy officers to easily prioritize risks and structurally monitor the progress of improvement measures. Managers and directors also gain insight into the state of affairs and can start exercising control. In this way, privacy becomes something for the entire organization. After all, privacy is a joint responsibility. Such a GDPR risk dashboard can make the steering and control of GDPR measures much stronger. The director, the architect in the CIO office and the privacy officer can all create a clear win-win-win with this.

Would you like to know more about our GDPR risk dashboard and other practical solutions to get a grip on the GDPR using architecture? Then feel free to contact us.

Elize Vos

Consultant

Elize is consultant at Highberg, is an actuary, member of the Actuarial Association and holds the title AAG. She has extensive experience in pension advisory….
IT and I(I)OT are converging, developments are accelerating, now what, evolution or revolution? Actually, there are 3 major developments happening simultaneously in the world of operational technology (OT). First, the number of business and management processes that require both office automation (IT) and OT to be available is growing; with or without interfaces between them. Applications are growing, but information security is not automatically growing with them. This makes a second development even more important, that of growing external threats, with most in the news ransomware, such as previously at Maersk, recently at the Gelderland security region. Last but not least, there is a new player in this domain, dubbed by someone the "IoT virus. It often starts with 'sensors,' but eventually it involves large data streams, which need to be controlled. Lots of potential but immature in terms of security, thus vulnerable. What should enterprise management do with this? Adapt quickly to these new developments, at the risk of making mistakes because of this speed? Opt for evolution or revolution? Our answer is 'both', but according to a controlled change approach, in which IT and OT are aligned, with a stepped Architecture process and appropriate Communication at each stakeholder level.