Recorded iGrafx GDPR Webinar Launch below:
In the face of unprecedented financial penalties for failure to comply, not all organisations are celebrating the coming of GDPR. Many see it as an administrative burden creating little or no value for their organisation or its customers. In stark contrast to these pessimistic views of GDPR, a growing number of progressive firms are set on turning it to their advantage going beyond compliance alone. From the outset, a fresh approach is essential.
GDPR in no way resembles earlier initiatives such as Quality. Here, doing the very minimum to get through certification was for many, preferable. For GDPR, this is not an option. With the exception of very small businesses, the ability to systematically prove compliance and to go on to avoid potential data breaches requires rigorous procedures and processes. In turn, these must be validated from start to finish and through the many ‘if-then’ permutations that complex business processes typically follow, a task not for the fainthearted. Identifying the right approach is essential.
Whilst GDPR guidelines make frequent reference to the need to document procedures, it makes no specific recommendation as to the medium to use, notably text or flowcharts. Here, lessons can learned from some of the more progressive companies that have pursued transformation initiatives such as ISO 9000, Six Sigma and Lean. Process models, information-rich versions of flowcharts, with performance metrics, dynamic links – both up and down as well as across or processes hierarchies, and linked to external documents and data, have created new degrees of clarity and transparency as to how business operates.
The new levels of transparency process models create, go beyond the realms of textual documentation or one-dimensional flowcharts. Risks, roles, responsibilities and more besides becoming objects stored in a database within the process modelling tool or Business Process Management Suite (BPMS). With risks, roles, and responsibilities assigned to workflows and tasks, their occurrence and impact can be easily traced across the entire processes landscape. Mitigation of risks can then follow so reducing the likelihood of a breach, bolstering evidence of compliance or exposing the potential for failure in the process. GDPR is not about simply mapping the ‘as-is’ but about the need to create new procedures in place, as prescribed by the UK’s ICO. Process models are the ideal medium creating visibility and clarity and for highlight risks.
In the event of a breach occurring, there must be planned and coordinated response that sees personnel under the direction of the nominated DPO (Data Protection Offices) expediting tasks to, where possible, mitigate the effects of a breach and in due course, inform the ICO. Process models created, validated and disseminated ahead of time promote best practice increasing the assurance that all required tasks are undertaken appropriately.
The management of risks, the Achilles Heel of data protection, need not and should not exist in a separate technology silo. All employees must be aware of risks, their potential impact and the required steps they can take to ameliorate issues. New generation BPM suites connect risk registers with live processes whilst keeping responsible managers informed and alert, ready to react in a timely manner.
An effective approach to GDPR is likely to trigger demand for new and incremental functionality from IT systems. With the May 2018 deadline for GDPR compliance looming, requirements for additional functionality from the line of business IT systems – some minor, some major, may result in many IT departments and IT vendors may be struggling to meet demand. With much of the work already done, iGrafx not only provides a platform for modelling processes and GDPR related artifacts but enables the deployment of process models as workflows while providing complete transparency into the status of processes.
To find discuss your vision for Compliance and GDPR and to find out more what compliance could look like and how leading organisations are transforming their approach and creating value from GDPR while meeting the 2018 deadline, contact IGX Solutions to learn more.
Despite the risk of unprecedented financial penalties from failures to demonstrate compliance, there remains some ambivalence to the impending dateline for GDRP compliance and the implications of the work needed. In stark contrast to some pessimistic views of GDPR, a growing number of progressive organisations are set on turning GDPR to their advantage going beyond compliance alone.
GDPR in no way resembles past initiatives such as Quality, where doing the very minimum to get through certification was, for many, preferable. Simply approaching GDPR as a documentation exercise will not suffice. The ability to systematically prove compliance and to be equally proactive in avoidance and elimination of potential data breaches requires deep knowledge of an organisation system and processes at a blue-print level.
Whilst GDPR guidelines make frequent reference to the need to document systems and organisational procedures, it makes no specific recommendation as to the medium to use, the options being textual documentation or graphical flowcharts. At this stage, lessons can learned from some of the more progressive companies that have pursued transformational initiatives such as ISO 9000, Six Sigma and Lean. Here, process models, information rich versions of flowcharts, with performance metrics, dynamic links – both up and down as well as across or processes hierarchies, plus hyperlinks where needed to external documents and data, have created new degrees of clarity and insight as to how businesses actually operate The new levels of transparency process models create go beyond the realms of textual documentation or conventional one-dimensional ‘flat’ flowcharts. With risks, roles, responsibilities and more besides stored in a live database either in the modelling tool (or Business Process Management suite (BPMS), process maps become dynamic models creating new levels of visibility and insight, eg: are we compliant?
GDPR is not about simply mapping the ‘as-is’ but about the need to create, validate, and promote adherence to secure processes, that ensure compliance as prescribed by the UK’s ICO. Process models using industry standard notation methods such as BPMN are essential, providing clarity for process users and the potential for process execution by IT systems. At all costs, avoid complex tools and methods which reduce adoption and success in the business.
In the event of a breech occurring, there must be planned and coordinated response that sees personnel, under the direction of the nominated DPO (Data Protection Officer), expediting a sequence of tasks to, where possible, rapidly mitigate the effects of a breech and in very short time, inform the ICO.
The management of risks, the Achilles Heel of data protection, should not and need not exist in a separate technology siloes. All employees need to be aware of risks, their likely and potential impact and the required steps they must take to ameliorate them. Current generation BPM suites connect risk registers with live processes whilst keeping responsible managers informed and alert, ready to react in a timely manner.
With the May 2018 GDPR date looming, any and every recognisable organisation that qualifies as a data owner or processer and having to become GDPR compliant, there is likely to be a significant spike in demand for either changes to existing systems or new IT functionality to create or improve the management of data. It is reasonable to say many IT departments and software vendors may struggle with the demand. For those organisations at the forefront of GDPR taking a process-centric approach using a business process management suite (BPMS), the ability to rapidly turn process models into functioning and executable processes creates new levels of agility and efficiency.
To find out what GDPR compliance could look like, and how leading organisations are transforming their approach and creating value from GDPR, contact iGx Solutions on 0844 576 3306
About the author – Trevor Morton is a member of the iGx Solution teams with over 15 years experience of BPM (Business Process Management).