Enterprise Architects: Critical Resource for GDPR Compliance

The primary goal of digital transformation is to improve an enterprise’s focus on its customers. Given the complexity of today’s digital enterprises, however, there are often additional priorities that are every bit as important as customer focus, even if they are not as strategic.

In particular, the primary business driver of digital transformation is frequently regulatory change. Regulatory compliance is essentially a risk mitigation business driver. Furthermore, compliance with new or changed regulations typically comes with a firm deadline.

In the case of the General Data Protection Regulation (GDPR), regulatory change is driving cross-organizational transformation at companies in Europe and around the globe.

At the same time, such efforts also improve those firms’ focus on their customers, as the GDPR mandates how companies deal with information about any EU citizen – in particular, their customers. GDPR compliance is thus adding urgency to transformation efforts that are already strategic to the enterprise.

About the GDPR

GDPR Compliance on Atoll SAMU (Source: Atoll Technologies)

The GDPR is the European Union’s legal framework for the privacy and protection of the personal data of all EU citizens. Once the May 2018 deadline for implementing the regulation passes, it will apply not just to European companies, but to any company anywhere in the world that has information about EU citizens.

The GDPR thus establishes ground rules for any company that holds or processes personal data of such citizens. It requires companies to maintain records of data processing activities, appoint Data Protection Officers (DPOs), conduct privacy impact assessments, implement enhanced transparency in the form of privacy notices and consent forms, and honor the rights of EU citizens to be forgotten and to move their data from one company to another.

The penalties for non-compliance can be draconian – up to €20 million or 4% of a company’s annual worldwide turnover. The regulation supersedes all relevant national laws within EU countries, and extends the scope of the current EU data protection law to all foreign companies processing EU citizens’ data.

There are many facets to the GDPR, but the minimum mandatory requirements include maintaining accurate records of all sensitive personal data storage and processing, implementing processes that account for personal data privacy, and the ability to demonstrate to regulators that the company has put forth a ‘best effort’ to comply with the GDPR.

Enterprise Architects’ Essential Role

Although the DPO is primarily responsible for compliance with and implementation of the GDPR, this individual will need a team of specialists to be successful. The Enterprise Architect (EA) plays a critical role on this GDPR compliance team.

In particular, EAs can help answer important questions based upon an updated EA repository, such as the one that Atoll SAMU offers.

Some of these questions apply directly to personal data:

  • How is the organization collecting personal data?
  • Where do personal data reside in the organization?
  • Where does the organization intend to store personal data?

Other questions focus more on business processes involving personal data, for example:

  • How is the organization implementing personal consent mechanisms like opting out?
  • How do personal data move through the organization? Where do they go?
  • How and where does the organization process personal data?
  • How is the organization dealing with the confidentiality of personal data? For example, does it have a means to pseudonymize such information?

A third set of questions focuses more on individuals and their roles:

  • Who is the DPO and how will they execute their role?
  • Who within the organization owns the processes involving personal data?

Given the diversity of such questions, EAs are particularly well-suited to support the DPO’s efforts because they have broad visibility into the business, the technology, and the data within the organization.

EAs can support the DPOs they work with by providing insights into all processes, applications, and data that are relevant to GDPR compliance. Furthermore, they can offer information on data objects, data flows, and associated responsibilities.

EAs are also well-situated to draw attention to risks and potential compliance breaches. Outside of the GDPR compliance team, EAs can also help technology owners identify technology risks and prepare preventative measures within the scope of their responsibility.

In fact, this risk identification role for EAs is especially important for the data protection impact assessment (DPIA), which organizations must perform before they deploy a new technology.

Additionally, EAs can be instrumental in defining application development guidelines that conform to the principles of data protection. Such guidelines will naturally apply to developers, but they also apply to system architects, database architects, security analysts, and other personnel who must be up to speed on how GDPR affects their roles.

Finally, EAs are well-situated to ensure continuous compliance with GDPR, and therefore they serve a critical day-to-day role within the processes that the regulation impacts.

The Intellyx Take

As with all compliance mandates, it is insufficient simply to be compliant with GDPR. Every organization must also be able to prove that it is compliant.

In other words, in addition to the rules about collecting, using, and managing data on EU citizens, the GDPR also establishes corresponding rules for information on how each company is complying with the regulation, for example, compliance auditing processes and requirements.

In addition, compliance is never static. Today’s world is extraordinarily dynamic, and the rate of change is only increasing. Such change complicates the GDPR compliance challenge.

Adequate compliance today may not mean adequate compliance tomorrow. In such turbulent environments, Enterprise Architecture is instrumental to facilitating continuous governance and compliance within a context of flexible control.

Furthermore, an Enterprise Architecture collaboration tool and repository like SAMU is an essential tool in the toolbelt of EAs as they support the DPO and the rest of the organization. Such a tool also provides essential visibility to auditors who must determine the level of compliance within an organization.

In the final analysis, GDPR compliance touches many different people across a wide range of processes and supporting technologies within any company. EAs are well-positioned to coordinate the necessary communication and collaboration in order to avoid the organizational and technological silos that are so common in large organizations, and yet anathema to successful implementation of a GDPR compliance effort.

Without an effective EA role, the GDPR compliance effort will face unnecessary risks – which might lead to a costly mistake.

Copyright © Intellyx LLC. Atoll is an Intellyx client. At the time of writing, none of the other organizations mentioned in this article are Intellyx clients. Intellyx retains full editorial control over the content of this paper.

More Stories By Jason Bloomberg

Jason Bloomberg is a leading IT industry analyst, Forbes contributor, keynote speaker, and globally recognized expert on multiple disruptive trends in enterprise technology and digital transformation. He is ranked #5 on Onalytica’s list of top Digital Transformation influencers for 2018 and #15 on Jax’s list of top DevOps influencers for 2017, the only person to appear on both lists.

As founder and president of Agile Digital Transformation analyst firm Intellyx, he advises, writes, and speaks on a diverse set of topics, including digital transformation, artificial intelligence, cloud computing, devops, big data/analytics, cybersecurity, blockchain/bitcoin/cryptocurrency, no-code/low-code platforms and tools, organizational transformation, internet of things, enterprise architecture, SD-WAN/SDX, mainframes, hybrid IT, and legacy transformation, among other topics.

Mr. Bloomberg’s articles in Forbes are often viewed by more than 100,000 readers. During his career, he has published over 1,200 articles (over 200 for Forbes alone), spoken at over 400 conferences and webinars, and he has been quoted in the press and blogosphere over 2,000 times.

Mr. Bloomberg is the author or coauthor of four books: The Agile Architecture Revolution (Wiley, 2013), Service Orient or Be Doomed! How Service Orientation Will Change Your Business (Wiley, 2006), XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996). His next book, Agile Digital Transformation, is due within the next year.

At SOA-focused industry analyst firm ZapThink from 2001 to 2013, Mr. Bloomberg created and delivered the Licensed ZapThink Architect (LZA) Service-Oriented Architecture (SOA) course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, which was acquired by Dovel Technologies in 2011.

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting), and several software and web development positions.