
Enterprise Architects: Critical Resource for GDPR Compliance

The primary goal of digital transformation is to improve an enterprise’s focus on its customers. Given the complexity of today’s digital enterprises, however, there are often additional priorities that are every bit as important as customer focus, even if they are less strategic.

In particular, the primary business driver of digital transformation is frequently regulatory change. Regulatory compliance is essentially a risk mitigation business driver. Furthermore, compliance with new or changed regulations typically comes with a firm deadline.

In the case of the General Data Protection Regulation (GDPR), regulatory change is driving cross-organizational transformation at companies in Europe and around the globe.

At the same time, such efforts also improve those firms’ focus on their customers, as the GDPR mandates how companies handle information about any individual in the EU – in particular, their customers. GDPR compliance is thus adding urgency to transformation efforts that are already strategic to the enterprise.

About the GDPR

GDPR Compliance on Atoll SAMU (Source: Atoll Technologies)

The GDPR is the European Union’s legal framework for the privacy and protection of the personal data of individuals in the EU. Once the regulation takes effect on May 25, 2018, it will apply not just to European companies, but to any company anywhere in the world that offers goods or services to, or monitors the behaviour of, individuals in the EU.

The GDPR thus establishes ground rules for any company that holds or processes personal data of such individuals. It requires companies to maintain records of data processing activities, appoint a Data Protection Officer (DPO) where the regulation requires one, conduct data protection impact assessments, and implement enhanced transparency in the form of privacy notices and consent forms. It also obliges them to honour the rights of data subjects, including the right to erasure (the ‘right to be forgotten’) and the right to move their data from one company to another (data portability).

The penalties for non-compliance can be draconian – up to €20 million or 4% of a company’s annual worldwide turnover, whichever is higher. The regulation replaces the 1995 Data Protection Directive and the national laws that implemented it, and extends the territorial scope of EU data protection law to foreign companies processing the personal data of individuals in the EU.

There are many facets to the GDPR, but the minimum mandatory requirements include maintaining accurate records of all personal data storage and processing, implementing processes that account for personal data privacy, and the ability to demonstrate to regulators that the company actually complies with the GDPR (the accountability principle) rather than merely asserting that it does.

Enterprise Architects’ Essential Role

Although the DPO monitors compliance with the GDPR and advises on its implementation (legal responsibility for compliance itself rests with the organization as controller or processor), this individual will need a team of specialists to be successful. The Enterprise Architect (EA) plays a critical role on this GDPR compliance team.

In particular, EAs can help answer important questions based upon an updated EA repository, such as the one that Atoll SAMU offers.

Some of these questions apply directly to personal data:

  • How is the organization collecting personal data?
  • Where do personal data reside in the organization?
  • Where does the organization intend to store personal data?

Other questions focus more on business processes involving personal data, for example:

  • How is the organization implementing consent mechanisms, including the ability for individuals to withdraw consent (opt out) as easily as they gave it?
  • How do personal data move through the organization? Where do they go?
  • How and where does the organization process personal data?
  • How is the organization dealing with the confidentiality of personal data? For example, does it have a means to pseudonymize such information?

A third set of questions focus more on individuals and their roles:

  • Who is the DPO and how will they execute their role?
  • Who within the organization owns the processes involving personal data?

Given the diversity of such questions, EAs are particularly well-suited to support the DPO’s efforts because they have broad visibility into the business, the technology, and the data within the organization.

EAs can support the DPOs they work with by providing insights into all processes, applications, and data that are relevant to GDPR compliance. Furthermore, they can offer information on data objects, data flows, and associated responsibilities.

EAs are also well-situated to draw attention to risks and potential compliance breaches. Outside of the GDPR compliance team, EAs can also help technology owners identify technology risks and prepare preventative measures within the scope of their responsibility.

In fact, this risk identification role for EAs is especially important for the data protection impact assessment (DPIA), which organizations must perform before beginning any processing that is likely to result in a high risk to individuals – a situation that deploying a new technology frequently creates.

Additionally, EAs can be instrumental in defining application development guidelines that conform to the principles of data protection. Such guidelines will naturally apply to developers, but they also apply to system architects, database architects, security analysts, and other personnel who must be up to speed on how GDPR affects their roles.

Finally, EAs are well-situated to ensure continuous compliance with GDPR, and therefore they serve a critical day-to-day role within the processes that the regulation impacts.

The Intellyx Take

As with all compliance mandates, it is insufficient simply to be compliant with the GDPR. Every organization must also be able to prove that it is compliant.

In other words, in addition to the rules about collecting, using, and managing data on individuals in the EU, the GDPR also establishes corresponding rules about the evidence of compliance itself – for example, records of processing activities and auditing processes and requirements.

In addition, compliance is never static. Today’s world is extraordinarily dynamic, and the rate of change is only increasing. Such change complicates the GDPR compliance challenge.

Adequate compliance today may not mean adequate compliance tomorrow. In such turbulent environments, Enterprise Architecture is instrumental to facilitating continuous governance and compliance within a context of flexible control.

Furthermore, an Enterprise Architecture collaboration tool and repository like SAMU is an essential tool in the toolbelt of EAs as they support the DPO and the rest of the organization. Such a tool also provides essential visibility to auditors who must determine the level of compliance within an organization.

In the final analysis, GDPR compliance touches many different people across a wide range of processes and supporting technologies within any company. EAs are well-positioned to coordinate the necessary communication and collaboration in order to avoid the organizational and technological silos that are so common in large organizations, and yet anathema to successful implementation of a GDPR compliance effort.

Without an effective EA role, the GDPR compliance effort will face unnecessary risks – which might lead to a costly mistake.

Copyright © Intellyx LLC. Atoll is an Intellyx client. At the time of writing, none of the other organizations mentioned in this article are Intellyx clients. Intellyx retains full editorial control over the content of this paper.
More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).
