In the second blog post of our series "Mastering the GDPR with Enterprise Architecture", we focus on Enterprise Architects and the GDPR.
Although the data protection officer is the main person responsible for compliance with and implementation of the GDPR, Enterprise Architects (EAs) are ideally placed to play a pivotal role in this implementation.
EAs offer data protection officers insights into all processes, applications and data, and provide the necessary information on data objects, data flows and responsibilities. Enterprise Architects also point out potential risks and compliance breaches. They can help those responsible for a technology (e.g. for an application, an interface or a data object) to identify technology risks and prepare preventative measures. This is especially relevant with regard to the data protection impact assessment (DPIA), which must be performed before a new technology is deployed. As an Enterprise Architect you should ensure that you communicate with the responsible data protection officer and coordinate all necessary steps.
The role of EA
Successfully preparing your business for integrating the GDPR will require a lot of architectural work. A study found that companies consider ensuring data quality (73%) and handling data complexity (67%) to be the greatest obstacles to GDPR compliance.
Enterprise Architects provide access to this information. They act as an interface to numerous stakeholders and can answer almost any question that contributes to GDPR compliance. The basic prerequisite here is that work on the Enterprise Architecture has been well implemented, architectural best practices are applied and modern tools are used.
Of course EAs cannot cover all the requirements of the GDPR; close cooperation between the key managers is therefore indispensable. An initial overview of the various data protection criteria and the interfaces to key managers can be found in the LeanIX GDPR Requirements Catalog. It will also show you where and how an EA tool can help you with GDPR implementation and when it is advisable to consult the data protection officer and the technology owners.
Do you want to know more? Be sure to read our whitepaper "Mastering the GDPR with Enterprise Architecture".