In a recent user conference for our Alfabet product for enterprise architecture (EA), IT planning and portfolio management, a session on the EU General Data Protection Regulation (GDPR) sparked an interesting discussion.
Perceived as threatening and potentially bad for business by many companies, it seems that, at least, for an EA practice, GDPR has a definite upside. The customer presentation that kicked off the discussion was titled: “How I Learned to Stop Worrying and Love GDPR.” He talked about how GDPR cuts across his company’s three main initiatives of 1) digital delivery and speed to value, 2) differentiating on customer experience and 3), bolstering the company against cyber-attacks.
In his opinion understanding the IT architecture helps understand risk. Finding “application,” the “natural unit of understanding IT estate,” Alfabet is appropriate for “managing corporate memory and compliance.” With Alfabet the company has created a single application catalog across the whole business, mapped data flow to and from all applications within scope and linked applications to business services, service management and infrastructure management and security risk.
The lessons this customer has learned through the GDPR project are that 1) the cost of data discovery is high, doing it retrospectively even more so, 2) stakeholders can be many and varied, and 3) data helps drive decision-making.
I translated these lessons into benefits that GDPR is bestowing on us:
- Intimate knowledge of the data being managed (and this already in the system design phase)
- Better understanding of the data through the varied and collective contribution of the many different stakeholders
- Facts should drive decision-making and not gut feel or big pockets.
So, GDPR is good for us. It is forcing us to instill good data management practices, good architecture practices and good business practices. Indeed, in the discussion that ensued after the presentation, attendees talked about GDPR bringing value, visibility and data quality to their EA practices.
It has forced companies to ramp up speed in getting their architecture repository together. It is forcing shadow IT to come out of the shadows as more and more parts of the business come forth with their local applications to have them managed in through EA and thus be managed in a GDPR-compliant way.
So now that GDPR is fact of life, let’s stop grumbling about the extra work it involves and appreciate its potential to help us achieve our strategic transformation initiatives. I know, for one, that I’m lovin’ it!
Check out our video on how to support GDPR compliance efforts with an architecture and governance framework by clicking below.