erwin Expert Blog

Enterprise Architecture for GDPR Compliance

With the May 2018 deadline for the General Data Protection Regulation (GDPR) fast approaching, enterprise architecture (EA), should be high on the priority list for organizations that handle the personal data of citizens in any European Union state.

GDPR compliance requires an overview of why and how personal data is collected, stored, processed and accessed. It also extends to third-party access and determining – within reason – what internal or external threats exist.

Because of EA’s holistic view of an organization and its systems, enterprise architects are primed to take the lead.

Enterprise Architecture for GDPR

Enterprise architecture for GDPR: Data privacy by design

The fragmented nature of data regulation and the discrepancies in standards from country to country made GDPR inevitable. Those same discrepancies in standards make it very likely that come May 2018, your organization will be uncompliant if changes aren’t made now.

So, organizations have two issues to tackle: 1) the finding problem and 2) the filing problem.

First, organizations must understand where all the private, personal and sensitive data is within all their systems . This also includes all the systems within their respective value chains. Hence, the finding problem.

Second, organizations must address the filing problem, which pertains to how they process data. As well as being a prerequisite for GDPR compliance, tackling the filing problem is essentially a fix to ensure the original finding problem is never as much of a headache again.

Starting with business requirements (A) and working through to product application (B), organizations have to create an environment whereby data goes from A to B via integral checkpoints to maintain data privacy.

This ensures that through every instance of the application development lifecycle – analysis, design, development, implementation and evaluation – the organization has taken all the necessary steps to ensure GDPR standards are met.

Enterprise architecture provides the framework of data privacy by design. By understanding how your organization’s systems fit together, you’ll see where data is as it moves along the application development lifecycle.

Enterprise architecture for GDPR: The benefits of collaboration

Of course, one of the requirements of GDPR is that compliance and all the steps to it can be demonstrated. Dedicated EA tools have the capacity to model the relevant information.

A dedicated and collaborative enterprise architecture tool takes things to the next level by  simplifying the export and sharing of completed models.

But there’s more. Truly collaborative EA tools allow relevant stakeholders (department heads, line managers) directly involved in handling the data of interest to be involved in the modeling process itself. This leads to more accurate reporting, more reliable data, and faster turnaround, all of which have a positive effect on business efficiency and the bottom line.

Approaching GDPR compliance with enterprise architecture does more than complete a chore or tick a box.  It becomes an opportunity for constant business improvement.

In other words, organizations can use enterprise architecture for GDPR as a catalyst for deeper, proactive digital transformation.

erwin partner Sandhill Consultants has produced a three-part webinar series on Navigating the GDPR Waters.

The first webinar covers the identification and classification of personally identifiable information and sensitive information and technologies, such as enterprise architecture, that can assist in identifying and classifying this sort of data.

Click here to access this webinar.

erwin blog