Make your GDPR compliance journey smooth with Columbus RapidValue
22 March, 2018
Organizations need to be accountable for all the compliance mandates that affect their operations in order to manage the security of business roles, the ERP system, and data. Roles, ERP, and data cannot be separated from business processes, so all workflows and processes must be included when planning compliance and security.
Columbus RapidValue BPM Suite, a business process management tool, makes it possible to sync business processes with the ERP system and align them with the company's objectives and strategies.
All organization-specific GRC (governance, risk management, and compliance) and GDPR business processes and flows can be mapped as a solution in RapidValue BPM Suite. RapidValue BPM Suite also helps create the data model, application model, process model, and business model for your organization. All GDPR-related vision, mission, goals, and metrics (for example MTTI, mean time to identify, and MTTR, mean time to resolve, in case of a breach) can be mapped in RapidValue BPM Suite and linked to your process model. This helps identify the applications that have a touch point with personal data (PII).
The RapidValue BPM Implementation Workspace gives your GDPR team a tool to gather evidence, track the compliance of those applications across functional groups, and provide a complete project orientation across your GDPR compliance journey.
How to achieve GDPR compliance with RapidValue BPM Suite?
Define your organization’s GDPR vision, strategy, goal, and maps in RapidValue BPM Suite.
GDPR Organization strategy model mapped in RapidValue to detail GDPR Mission, Goals and KPIs.
Create a GDPR Compliance Journey solution in RapidValue BPM Suite.
Import the GDPR requirements and descriptions and map your policies in RapidValue BPM Suite. This includes all data subject requirements and privacy requirements.
Map third-party governance and the governance of the different member states.
Map the enterprise risk, remediation, compliance, and resiliency processes in RapidValue BPM Suite.
Capture specific audit requirements in RapidValue BPM Suite.
Map Personally Identifiable Information (PII) across your organization's flows. Highlight all business processes, flows, and activities that handle PII or PHI data.
Identify the key data elements as PII or PHI Data Objects in RapidValue Data Objects. This includes data items (name, email address, health data, credit card information, biometrics, location data, and criminal records), data formats (paper records, databases, and digital media such as USB drives), data locations (on-premise, cloud, third party, and different member states), and data transfer methods (internal, external, social media, mobile, post, etc.).
Scope and phase your GDPR compliance project. Divide the compliance project activities into Discover, Define, Develop, Deploy, and Sustain milestones in RapidValue BPM Suite.
GDPR organization process and application model mapped in RapidValue. Organizations may need to invest in ISV or other applications to meet the GDPR data subject rights set out in Chapter 3 (Articles 12-23), Rights of the data subject.
Do a fit-gap analysis so that there are no gaps in your compliance efforts to meet the deadlines.
Analyze the gaps to create system requirements, and push these requirements to VSTS for subsequent development work.
Conduct Data Protection Impact Assessments (DPIAs) using RapidValue as the base.
Conduct a data mapping exercise in RapidValue BPM Suite. Store all DPIA-related questions as RapidValue Solution Questions; these can be reused whenever a DPIA exercise is done.
Use RapidValue BPM Suite to create the acceptance test plan, test specifications, and report.
GDPR organization model mapped in RapidValue, detailing the GDPR governance structure, departments, roles, and positions.
Perform the acceptance test covering all flows that involve Personally Identifiable Information (PII) in D365 for FOE or other applications.
Once GDPR compliant, use RapidValue BPM Suite as the primary business process management and knowledge management tool across your organization.
Maintain and evolve your business processes to keep them relevant.
Example data flow with sensitive data identified during a DPIA (Data Protection Impact Assessment) in RapidValue BPM Suite:
RapidValue BPM Suite helps you identify, capture, categorize, and analyze all activities that involve personally identifiable information or protected health information. The flow activity highlights any PII data processing within an activity. See the example below:
All business processes, flows, and activities related to GDPR compliance can be sorted easily to identify an organization’s exposure and help it focus on high-risk areas. This helps prioritize the activities as well.
RapidValue BPM Suite enables you to understand and determine how the business runs by designing a business model that shows the dependencies among people, processes, and systems. To start, define strategy and goals and map them to processes. Empower employees by extending direct access from Microsoft Dynamics 365 to all the process details they need to know.
If you are using Microsoft Dynamics 365 for Finance and Operations, Columbus Security and Compliance Studio enables you to implement and integrate your GDPR audit and privacy requirements. It ensures that the security concepts are implemented so that users get only the limited access they need to work optimally.
GDPR compliance, in an organization with diversified and fragmented data, can be a challenging goal. An organization must have a comprehensive governance, risk management, and compliance (GRC) strategy in place in order to achieve GDPR compliance and have complete control of its data assets.