GDPR goes into effect on May 25, 2018. Anyone who captures personal data for EU members must meet these compliance guidelines or risk fines of up to 20 million euros or 4% of annual worldwide turnover from the previous year.
Recently Sultan Shiffa produced an amazing white paper about "Governing GDPR Challenges with Enterprise Data Architecture". As I was reading it, I started to put together a list of things to think about or questions to ask regarding each section that he addressed.
Here is my revised version of a diagram (created in ER/Studio Business Architect) that Sultan used in his white paper:
Let's look at each Task individually.
Each organization needs to set up a Data Protection Officer to address GDPR issues.
It's essential that your organization knows how you intend to address GDPR.
You should review the data across your organization to identify where personal data is stored.
You should review what procedures you already have in place with regard to GDPR, as well as where those processes need to be updated.
You should know who has access to what information in your system.
You should know how you will address any of the items covered as individuals' rights.
Everyone in your organization should know what their role is if a data breach occurs.
You should know the risks in your organization as well as the impact of those risks.
GDPR requires that you have all of your processes documented. ER/Studio Business Architect allows you to create Business Process Models and to document those processes complete with External Data Objects.
The act of creating Business Process Models allows all employees across the organization to identify where they are impacting personal data.
Checking these models into the Repository via ER/Studio Enterprise Team Edition and publishing them to Team Server gives the whole organization visibility into these processes. Additionally, as these processes are updated, they are immediately available for all to see.
Using tools like ER/Studio Business Architect, ER/Studio Data Architect and ER/Studio Enterprise Team Edition can help you get your organization quickly into compliance with GDPR regulations.