The latest buzz in the corporate world has been around the General Data Protection Regulation (GDPR). Are you ready for the regulation to become enforceable from May 25, 2018? If you are not, it could cost you.
This new regulation is intended to protect the personal data of individuals and citizens of the European Union (EU). So why are we talking about it in the US? Because it also addresses the export of personal data outside the EU and applies to organizations based outside the European Union if they collect or process personal data of EU residents. Additionally, whether or not a company does business in the EU and/or directly collects and processes the personal data of EU residents, it may very well support vendors who do, and those vendors will require their suppliers to be compliant. That means just about everyone will be impacted.
In order to be able to demonstrate compliance with the GDPR, the data controller should implement measures where data protection is designed into the development of business processes for products and services. Failure to be in compliance could have serious consequences to your organization’s bottom line, customer relationships, and brand image.To meet the requirements, organizations will need to do more than simply lock down systems. It will require them to review and map business processes and the associated data and information flows to determine privacy risks. The lifecycle of the data needs to be identified to ensure the control and purpose of its use. This effort will impact most departments of the organization. Why not take this opportunity to continue OR start your journey towards effective business process management?
There are myriad vendors who’ve recently leapt to offer GDPR tools, content and objects that claim to deliver compliance, but miss entirely the crucial aspect of identifying where subject data touches internal processes. Throughout my career I’ve had great success working with iGrafx, because it allows users to document business processes, standardize data flows, formats and dependencies and establish processes owners and required approval work flows. Most importantly, it provides a platform to report on and identify gaps between regulatory risks and your processes to continuously maintain and sustain your business processes going forward.