and organizations are experiencing the first stage of a new digital support:
GDPR management tools. We analyzed some of them.
for all previous cases of new business compliance processes there is today a
growing number of tools in the market addressing the all new European privacy
law, the General Data Protection Regulation, which came into force on May 25,
2018. Our main conclusion: these privacy
tools have design limitations.
some cases the approach of the solution is technological -systems designed as
if they were independent or of static nature- while in other cases it’s
functional, thus technical in compliance matters, still specific.
classify both approaches as mainly marketing-oriented; not in order to
criticize the quality of these tools as such but the fact that the solutions
primarily are momentum-driven commercial opportunities for a sudden demand,
which market is still not well versed on the subject. This practice raises issues, indeed.
with GDPR experts it emerges that some entrepreneurs and executives have taken
a vision which limits GDPR compliance to – a bureaucratic – document management
or, even worse, they seem a one-shot maintenance-free operation. All despite
the many and repeated warnings and risks of running into huge administrative
we have been confided that companies apparently prefer a non-matching real-world
business processes above the presenting of
‘official processes’ and carry on with their usual ones. The bottom
line: the risk and the purpose of the compliance audit is dispelled although
time and money is expended, and at a high risk cost at the same time.
Back to the past
note a remarkable parallel to the 90’s when ISO quality certification was
fashionable. It was not uncommon to find entrepreneurs chasing contingently
after a series of certificates, however
without any serious intention to change their company culture.
have worked with quite a few of them at that time and, unfortunately but not by
chance, none of them had enlighten their future after such choices. (None of
them exist anymore in the market, but this is just a personal account.)
decades later quality at large -finally- seems widespread in many business
environments, and process mapping & re-engineering is nothing new anymore.
The resulting benefits are acknowledged as part of our business culture.
An innovative approach – a golden opportunity
the interventions required to meet the GDPR or not taking advantage of all
actions needed during this process, may lead companies to choose wrong tools
that require serious compliancy efforts. Often this road also leads to the
impossibility to become connected with other fundamental areas of competence
such as Legal and Operations. Given all of the above, we raise a crucial
should companies and organizations re-map their processes only for GDPR
Why do GDPR tools not start from managed
standards are available, such as IDEFx, FFBD or BPMN 2.0 for modeling or
universal standards like XML or Json, just to provide some examples. Then, how
common it is actually the adoption of process mapping tools?
lack of integration of best practices and previous investments leads to a