Tag Archives: GRC

  • -

Do digital board packs help your organisation to comply with GDPR?

Category:Services,UK Blog Tags : 

Do you have governance around your board back? Do you have meta-data and master data supporting your generation of the board packs? 

Now, first, we did pass the May 25th – and large organisations are still struggling with GDPR! No longer as a project, but typically more to absorb the endless amount of excels and small GDPR tools that eventually were delivered as the project outcome. Now another phase takes over – what to do with the project outcome?

This calls for another maturity level that cannot be provided by small point tools or excel. This calls for a larger piece of collaboration to make ‘stuff’ updated; typically, by having the GDPR processes embedded into a larger solution flexible enough for helping the executive team to steer the boat – it calls for the governance around the digital board pack!

That was then…

A lot was written about the impact the EU General Data Protection Regulation (GDPR) in the period up to May 25th 2018. And even though up to 60% may have slipped the deadline, see a recent survey, the fact is more likely that most organisations completed the GDPR project during 2018, but still will be working with GDPR also in 2019 – how can that be?

As mentioned in a recent blogpost, there is a natural progression towards being better at compliance, and also for GDPR – and that is way beyond the project outcome ending 2018. It is the progression..

  • to move from project to line organisation
  • to onboard managers and specialists to keep information fresh
  • to transition from project into process – and what is the IMACD of person-related data process activities are solved
  • to simplify the Article 30 report generation
  • to remove simple risk tools to consolidate the governance in the digital platform
  • to make ownership up to the board for the updated compliance views.

The data of the GDPR compliance will continue its journey to be alive, and it will continue down the maturity ladder to distinguish dataprocessors from data controllers, move away from text fields and into elements of meta-data to oversee the ocean of GDPR.

But most importantly, the transition is about getting the organisational ownership, where managers act on their responsibility and accountability to be compliant. Where the project 2018 was driven by fear of potential penalties, the new demand is much more to make it actionable within the line organisations where ‘stuff’ gets updated and the executive board can make decisions based on new evidence. This is often referred to as “EA”, the grid or architecture (A) space of an entire enterprise (E ).

How does this tie into my executive team?

Once you have completed the project, you may have data. Once you have moved it into a point tool, you may have reached slightly modified data so see the first patterns. It still doesn’t bring you much further. The heavy lifting involves more:

  • First, you need to move from free text and text fields into meta-data. This means that you don’t type pay-slip in a text field, but you check ‘pay-slip’, and you can afterwards analyse where ‘pay-slip’ is being processed by systems and processing or controlling activities
  • Second, you need to transition into the architecture portal where governance is typically managed, that is, who is the system owner? Who is the data process owner? Who should update this piece of data. Very often, we see BI solutions reporting long lists of data – but that is very distinct from the next maturity level where these people can do actionable reviews and updates. This if often is referred to as digital platforms or EA platforms (like MooD, ERP, etc).
  • Third, you need the escalation route embedded to the executive team. It is the management team that is accountable and needs to have the blind eye opened. Without their eyes open and provided insight – only the one-eyed will be king among the blinds.

So anyone within the board should be trained, concerned and be kept updated!

The way forward?

There is a natural progression towards maturity – but only if it is guided. You need to find an advisor who can helpyou to make a living architecture.

With a living architecture, you onboard the ‘softer’ side of and provide decision insight to your management.  When used properly, you get the connected enterprise where boards act when things start to drift. So, anyone within the board should be trained, concerned and be kept updated! That is what we provide as part of our digital board pack service.

Working with different next generation technologies, we offer a digital platform that help large organisations to have a digital board pack, not a PowerPoint! Online views where you can drill into data, updated by the responsible people in the organisation, supplemented by technical data so you can view the online portal and stay compliant. We talk about powering your digital ability.

Giving all your directors access to the information they need to know about your GDPR policies in one place, makes it much easier for them to find the information they need and ask the right questions when it is discussed – all managed as meta-data and by the relevant people. No more emails – no more point tools.

If you have questions, please do not hesitate to make contact. We are the leading organisation in digital governance helping large organisations to succeed with their business transformation. We power your digital mood!